[192342] in North American Network Operators' Group


Re: Death of the Internet, Film at 11

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Oct 26 01:30:09 2016

X-Original-To: nanog@nanog.org
To: Larry Sheldon <larrysheldon@cox.net>
From: Valdis.Kletnieks@vt.edu
In-Reply-To: <f89f007d-e8f0-6d35-8d19-f54deafdcfa3@cox.net>
Date: Wed, 26 Oct 2016 01:30:02 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org


On Tue, 25 Oct 2016 18:54:22 -0500, Larry Sheldon said:

> What is it? 20 years? since the first time I was banned from NANOG for
> saying that the world would be a nicer place if EVERY true router
> refused to forward a packet whose SOURCE could not be reached from the
> port question.  (May not be stated clearly, but idea seems simple
> enough:  If the proposed ICMP message would not be routed to the port
> the packet came from, the best plan is probably to log the event and
> drop the ICMP and the rogue packet on the floor.)

That's not going to work when there's asymmetric routing. Say you get an
inbound packet from eth0 and the routing table says you should send it out on
eth2.  However, it has DF set and eth2 has a smaller MTU, so you need to send
back an ICMP FRAG reply.

Now, do you send it out, or do you create a PMTUD black hole by dropping the
reply because your local table says the source is routed out eth1?

Hint: there's a difference between strict uRPF and loose uRPF.
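
Added example, not part of the original message: a small Python model of the strict and loose uRPF checks applied to the three-interface router described above. The FIB contents, addresses (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress

# Constructed FIB for the router in the message: (prefix, egress interface).
FIB = [
    ("198.51.100.0/24", "eth1"),    # best path back to the sender leaves via eth1
    ("198.51.100.128/25", "eth0"),  # more-specific half that is symmetric via eth0
    ("203.0.113.0/24", "eth2"),     # destination network behind the small-MTU link
]

def lookup(addr, fib=FIB):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_accepts(src, in_iface, mode, fib=FIB):
    """Strict: the route back to src must point out the arrival interface.
    Loose: any route to src is enough, whichever interface it uses."""
    back = lookup(src, fib)
    if mode == "strict":
        return back == in_iface
    if mode == "loose":
        return back is not None
    raise ValueError("mode must be 'strict' or 'loose'")

def decide(src, dst, in_iface, mode, fib=FIB):
    """Return ('forward', egress) or ('drop', reason) for one packet."""
    if not urpf_accepts(src, in_iface, mode, fib):
        return ("drop", "urpf-" + mode)
    out = lookup(dst, fib)
    return ("forward", out) if out else ("drop", "no-route")

if __name__ == "__main__":
    # Asymmetric case from the message: arrives on eth0, source routed via eth1.
    for mode in ("strict", "loose"):
        print(mode, decide("198.51.100.7", "203.0.113.9", "eth0", mode))
    # A source with no route at all fails even the loose check.
    print("loose", decide("10.9.9.9", "203.0.113.9", "eth0", "loose"))
```

In the asymmetric case the strict check discards the packet before any MTU handling on eth2 is reached, while the loose check lets it through to be forwarded.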

