[92527] in North American Network Operators' Group
Re: icmp rpf
daemon@ATHENA.MIT.EDU (virendra rode //)
Sun Sep 24 19:27:12 2006
Date: Sun, 24 Sep 2006 16:25:50 -0700
From: virendra rode // <virendra.rode@gmail.com>
Reply-To: virendra.rode@gmail.com
To: Mark Kent <mark@noc.mainstreet.net>
Cc: nanog@merit.edu
In-Reply-To: <20060924215950.2E33F2848D@noc.mainstreet.net>
Errors-To: owner-nanog@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark Kent wrote:
> A smaller North American network provider, with a modest North
> American backbone, numbers their internal routers on public IP space
> that they do not announce to the world.
>
> One of the largest North American network providers filters/drops
> ICMP messages so that they only pass those with a source IP
> address that appears in their routing table.
>
> As a result, traceroutes from big.net into small.net have numerous
> hops that time out.
>
> Traceroutes from elsewhere that go into small.net but return on
> big.net also have numerous hops that time out.
>
> We do all still think that traceroute is important, don't we?
>
> If so, which of these two nets is unreasonable in their actions/policies?
>
> Please note that we're not talking about RFC1918 space, or reserved IP
> space of any kind. Also, think about the scenario where some failure
> happens leaving big.net with an incomplete routing table, thus breaking
> traceroute when it is perhaps most needed.
>
> Thanks,
> -mark
- --------------------------
This is yet another reason one shouldn't rely on pings & traceroutes to
perform reachability analysis.
regards,
/virendra
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFFxP+pbZvCIJx1bcRAnN8AJ0VqiwhNkxUm5MxG8p/hLptiJ1IdQCg7wIB
nx2woHkYDzu1+7MBdnOZaEw=
=mlPK
-----END PGP SIGNATURE-----
