[189716] in North American Network Operators' Group


Re: rfc 1812 third party address on traceroute

daemon@ATHENA.MIT.EDU (Randy Bush)
Sun Jun 5 21:39:16 2016

X-Original-To: nanog@nanog.org
Date: Sun, 05 Jun 2016 18:39:11 -0700
From: Randy Bush <randy@psg.com>
To: North American Network Operators' Group <nanog@nanog.org>
In-Reply-To: <m2r3cihl96.wl%randy@psg.com> <57541678.8040204@ripe.net>
 <57541E42.7040702@ripe.net>
Errors-To: nanog-bounces@nanog.org

> is anyone seeing the dreaded rfc1812 behavior in a citable fashion?  how
> common is it?

we verified that the juniper and cisco platforms we tested replied with
the source address being the ingress interface.  this is, imiho, good.

a kind soul actually sent citable tests

> At least my MikroTik RB850Gx2, running 'latest stable' (RouterOS
> v6.32.2) replies with the outbound interface, not the inbound.
> 
> I'd assume this is because by default, icmp_errors_use_inbound_ifaddr in
> linux is disabled, and they haven't changed the default.
> 
> No idea if that can be tweaked in the weird maze of mikrotik config options.

and from the same kind engineer

> And just to add even more inconsistency, I checked on my Ubiquiti
> EdgeMax (a VyOS fork) which does let me check the state of sysctls:
> 
> router:/etc/sysctl.d$ cat 30-vyatta-router.conf
> <snip>
> # Send ICMP responses with primary address of exiting interface
> net.ipv4.icmp_errors_use_inbound_ifaddr=1
> </snip>
> 
> So someone in Vyatta decided to explicitly set this to be enabled.

so one win and one loss

randy
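
As an added example (not part of the original message or of any vendor's tooling): a shell check for which value of `net.ipv4.icmp_errors_use_inbound_ifaddr` a set of sysctl.d-style fragments applies. Per the Linux kernel documentation, 1 sources ICMP errors from the primary address of the interface that received the offending packet, and 0, the default, from the interface the error is sent out of. The function names, the `99-local.conf` override and the assumption that files are passed in the order they are applied are this example's own.

```shell
#!/bin/sh
KEY="net.ipv4.icmp_errors_use_inbound_ifaddr"

# effective_setting FILE... : print the last value assigned to $KEY across the
# given files, read in the order given (later assignments win); "unset" if none.
effective_setting() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }             # sysctl.d comment lines
        !index($0, "=") { next }           # not an assignment (e.g. <snip>)
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k)           # whitespace around the key
            sub(/^-/, "", k)               # "-key" means ignore write errors
            gsub(/\//, ".", k)             # "/" and "." are interchangeable
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@" /dev/null
}

# describe VALUE : which interface address ICMP errors are sourced from.
describe() {
    case "$1" in
        1)       echo "inbound" ;;
        0|unset) echo "outbound" ;;        # kernel default is 0
        *)       echo "unknown" ;;
    esac
}

# Constructed sample: the fragment quoted above, then a hypothetical later
# file that overrides it using the "/" separator form.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<snip>' \
        '# Send ICMP responses with primary address of exiting interface' \
        'net.ipv4.icmp_errors_use_inbound_ifaddr=1' '</snip>' \
        > "$d/30-vyatta-router.conf"
    printf '%s\n' 'net/ipv4/icmp_errors_use_inbound_ifaddr = 0' \
        > "$d/99-local.conf"
    describe "$(effective_setting "$d"/*.conf)"   # glob expands in lexical order
    rm -rf "$d"
}

demo
```

On a live Linux host the running value can be compared against this by reading `/proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr`.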
