I think there's a problem with the ICMP code...
Say you have a router, and it's multihomed to two different ISPs,
say cogentco.com and qwest.net as your upstreams.
On your Cogent interface, you have the IP address on the /30 assigned by Cogent,
with reverse DNS being blahblah.demarc.cogentco.com on the Qwest interface.
Same story with Qwest, with reverse DNS being whatever.qwest.net.
Now let's say someone out on the internet with an IP address of 1.1.1.1 runs
a traceroute into your network and his incoming path to your network comes over Qwest.
Your router's hop should source its ICMP TTL-exceeded (the traceroute hop) from
its Qwest /30 IP address, because that's where the traceroute got triggered.
The ICMP TTL-exceeded response should not be originated from the interface
holding the route, but should be originated from the interface that got hit
with the traceroute.
--
Bubba Parker
Systems Administrator
CityNet LLC
http://www.citynetinfo.com/
> Say you have a router, and it's multihomed to two different ISPs,
> say cogentco.com and qwest.net as your upstreams.
> On your Cogent interface, you have the IP address on the /30 assigned by Cogent,
> with reverse DNS being blahblah.demarc.cogentco.com on the Qwest interface.
> Same story with Qwest, with reverse DNS being whatever.qwest.net.
> Now let's say someone out on the internet with an IP address of 1.1.1.1 runs
> a traceroute into your network and his incoming path to your network comes over Qwest.
> Your router's hop should source its ICMP TTL-exceeded (the traceroute hop) from
> its Qwest /30 IP address, because that's where the traceroute got triggered.
> The ICMP TTL-exceeded response should not be originated from the interface
> holding the route, but should be originated from the interface that got hit
> with the traceroute.
Why? If the same machine has two IP addresses, reaching one is the same as
reaching the other.
DS
[email protected] wrote:
>
> The ICMP TTL-exceeded response should not be originated from the interface
> holding the route, but should be originated from the interface that got hit
> with the traceroute.
What if the interface is a receive-only interface?
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Then check for that, and fall back to route lookup if it's receive-only. BSD
already does this, and so do all other router manufacturers, but it's broken
under Linux. I think David Schwartz is completely missing the point of having
multiple providers, hence the reason for the source address to be different.
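To make the two policies argued over in this thread concrete, here is an added model in Python (not code from the thread and not Linux kernel code) of how a multihomed router picks the source address for a TTL-exceeded reply. It implements both behaviours: sourcing from the interface that holds the route back to the sender, which the thread says Linux does, and sourcing from the interface the probe arrived on, with the fallback to route lookup for a receive-only interface as proposed above. The interface names, the 198.51.100.0/30 and 203.0.113.0/30 transit prefixes, the default route out Cogent and the 1.1.1.1 probe source are constructed to mirror the scenario in the first post; a receive-only interface is modelled as one that carries no address, which is one reading of the objection raised.

```python
"""Model of ICMP TTL-exceeded source-address selection on a multihomed router.

Constructed example: interface names, prefixes and the routing table are made
up to mirror the Cogent/Qwest scenario from the thread. This is not kernel code.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple


@dataclass
class Interface:
    name: str
    address: Optional[IPv4Address]   # None models a receive-only interface (assumption)
    network: IPv4Network


@dataclass
class Router:
    interfaces: Dict[str, Interface]
    # (prefix, outgoing interface name); longest prefix wins
    routes: List[Tuple[IPv4Network, str]] = field(default_factory=list)

    def route_lookup(self, dst: IPv4Address) -> Interface:
        """Longest-prefix match, as the forwarding path does for the reply."""
        best: Optional[Tuple[IPv4Network, str]] = None
        for prefix, iface in self.routes:
            if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, iface)
        if best is None:
            raise LookupError(f"no route to {dst}")
        return self.interfaces[best[1]]

    def icmp_source(self, in_iface: str, offender_src: IPv4Address,
                    use_inbound_ifaddr: bool) -> IPv4Address:
        """Source address for an ICMP error about a packet that arrived on
        `in_iface` from `offender_src`.

        use_inbound_ifaddr=False: address of the interface holding the route
        back to the sender (the behaviour the thread attributes to Linux).
        use_inbound_ifaddr=True: address of the receiving interface, falling
        back to the route lookup when that interface has no usable address
        (the behaviour proposed in the thread).
        """
        if use_inbound_ifaddr:
            inbound = self.interfaces[in_iface]
            if inbound.address is not None:
                return inbound.address
        # Receive-only inbound interface, or route-lookup policy: use the
        # address of whatever interface the reply would leave through.
        return self.route_lookup(offender_src).address


def build_router(qwest_receive_only: bool = False) -> Router:
    """Two /30 transit links (constructed addresses), default route out Cogent."""
    cogent = Interface("cogent", IPv4Address("198.51.100.2"),
                       IPv4Network("198.51.100.0/30"))
    qwest = Interface("qwest",
                      None if qwest_receive_only else IPv4Address("203.0.113.2"),
                      IPv4Network("203.0.113.0/30"))
    router = Router({"cogent": cogent, "qwest": qwest})
    router.routes.append((IPv4Network("0.0.0.0/0"), "cogent"))
    return router


def traceroute_hop(use_inbound_ifaddr: bool, qwest_receive_only: bool = False) -> str:
    """Source of the TTL-exceeded reply for a probe from 1.1.1.1 that entered
    via qwest while the route back to 1.1.1.1 goes out cogent."""
    router = build_router(qwest_receive_only)
    return str(router.icmp_source("qwest", IPv4Address("1.1.1.1"), use_inbound_ifaddr))


if __name__ == "__main__":
    print("route-lookup sourcing  :", traceroute_hop(False))                      # 198.51.100.2
    print("inbound-ifaddr sourcing:", traceroute_hop(True))                       # 203.0.113.2
    print("inbound is receive-only:", traceroute_hop(True, qwest_receive_only=True))  # 198.51.100.2
```

With the route-lookup policy the hop shows up in the traceroute with the Cogent address even though the probe came in over Qwest, which is exactly the mismatch complained about above; with inbound-interface sourcing it shows the Qwest address, and the receive-only case degrades to the route lookup rather than failing. Later Linux kernels expose this same choice as the sysctl net.ipv4.icmp_errors_use_inbound_ifaddr, which when set to 1 sources ICMP errors from the primary address of the receiving interface instead of the exiting one.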