Re: ICMP redirects are ba'ad mkay?

From: Stephen Gill (gillsr@yahoo.com)
Date: 07/23/02


From: gillsr@yahoo.com (Stephen Gill)
Date: 23 Jul 2002 02:17:25 -0700

Nobody,

The requirements list was gathered from RFC 1122, but not solely from
it as you have observed. It was also a combination of what has been
put into practice, and Stevens TCP/IP vol 1. So, they are rules of
the road, and not all found in RFC 1122.

>it has multiple logical IP addresses associated with a given hardware
>address, there will be no way for it to tell which one the original
>host has in its route cache. If a host has to behave robustly under
Most of the time routers choose a primary IP address from which to
forward traffic if it contains multiple IPs in the same net. I'm not
sure where someone would want to use a random style approach here and
I've not seen it in practice. Where might the benefit be of having a
single interface point towards a host with multiple logical interfaces
on the same IP network?

>Agreed, if "the host" means "the host to which the redirect was
>sent".
>This is not mentioned by RFC 1122, but a redirect that fails this
>check is obviously invalid.

Stevens' vol 1 is your friend ;).

>= 4. The redirect route must point to an indirect non-local address.

>It's not 100% clear to me what this means. Are you saying that the
>redirected route must point to a destination that is not on a
>connected subnet? Certainly that is reasonable check to make,
Yep. I'll reword for clarity.

>but it is not mentioned in RFC 1122. Note that the abstract route
Basically, the principle is that a direct connect metric is always
lower than a static or route metric.

>= 5. The host must be configured to accept redirects.

>According to RFC 1122, a host MUST accept valid redirects, so this
>should ALWAYS be true.
As we know, people don't always follow RFCs, and most hosts have knobs
to turn this off. So, we make sure that we specify that a host is
explicitly configured to accept redirects.
 

>Who says that an ICMP Redirect cannot replace an ICMP Redirect?
>Certainly it is valid and reasonable for a host to allow an
>ICMP Redirect to update a route cache entry that was previously
>updated by an ICMP Redirect. Consider this example: an outgoing
Stevens. He is God. Just kidding. See host rule #2.
This doesn't appear to be mentioned in RFC 1122. Maybe this check was
put in place to avoid situations where there are routing problems, and
Router A redirects to Router B, Router B redirects to Router A, ad
infinitum. I can think of instances where this rule might not apply.
Again, the list is a set of commonly implemented checks. This one was
taken from 4.4BSD though I'd have to examine the source code of the
latest variants to see if it is indeed still there.

>It is true that dynamically created host routes need to be
>flushed from the route cache when not used for some period
>of time. They also need to be discarded when all gateways
>to the host in question are down.
Depending on OS implementation they are discarded even if in use.

>I agree completely. I think that the paper over-reacts to the ping
>implementation bug it describes (this is NOT an ICMP Redirect
>problem).
I don't think so. This was an offhand comment in the paper citing an
interesting observation.

>It certainly does not offer practical alternatives to the ICMP
>Redirect
>to solve the problem of "first hop determination on a subnetwork with
>multiple routers".
Nor is it meant to provide you with any new and insanely keen alien
idea as to how to tackle it. It is meant to stimulate conversation,
educate, and advocate better network design.

Cheers,
-- steve
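
Added example (not part of the original post or the paper it discusses): a host-side redirect filter that applies the checks named in this message (rule 4, rule 5, and the redirect-over-redirect rule) together with the two discard conditions from RFC 1122 section 3.2.2.2. The `Host`, `Route` and `check_redirect` names are hypothetical, the host is assumed to have a single interface, and the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

ip = ipaddress.ip_address

@dataclass
class Route:
    gateway: object               # IPv4Address of the first hop
    from_redirect: bool = False   # True if an earlier redirect installed it

@dataclass
class Host:
    iface: object                 # IPv4Interface: own address plus connected subnet
    default_gw: object
    accept_redirects: bool = True               # the "knob" from rule 5
    allow_redirect_over_redirect: bool = False  # rule debated in the post
    host_routes: dict = field(default_factory=dict)

def check_redirect(host, src, dest, new_gw):
    """Validate one ICMP redirect; return (accepted, reason)."""
    src, dest, new_gw = ip(src), ip(dest), ip(new_gw)
    if not host.accept_redirects:
        return False, "redirects disabled"
    if dest in host.iface.network:              # rule 4: must be an indirect route
        return False, "destination is directly connected"
    if new_gw not in host.iface.network:        # RFC 1122 3.2.2.2
        return False, "new gateway not on connected subnet"
    current = host.host_routes.get(dest, Route(host.default_gw))
    if src != current.gateway:                  # RFC 1122 3.2.2.2
        return False, "sender is not current first hop"
    if current.from_redirect and not host.allow_redirect_over_redirect:
        return False, "route was already set by a redirect"
    host.host_routes[dest] = Route(new_gw, from_redirect=True)
    return True, "accepted"

def sample_host(**kw):
    # Constructed addresses from the RFC 5737 documentation ranges.
    return Host(ipaddress.ip_interface("192.0.2.10/24"), ip("192.0.2.1"), **kw)

if __name__ == "__main__":
    h = sample_host()
    for pkt in [("192.0.2.66", "198.51.100.7", "192.0.2.2"),   # wrong sender
                ("192.0.2.1", "198.51.100.7", "192.0.2.2"),    # valid
                ("192.0.2.2", "198.51.100.7", "192.0.2.3")]:   # redirect over redirect
        print(pkt, check_redirect(h, *pkt))
```

Setting `allow_redirect_over_redirect=True` models the case the quoted poster argues for, where a later redirect from the current first hop may update an entry created by an earlier one.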