:-) ----- Original Message ---- From: joel jaeggli <joelja@bogus.com> To: Ron Bonica <rbonica@juniper.net> Cc: nanog <nanog@nanog.org> Sent: Wed, November 4, 2009 3:41:26 AM Subject: Re: ip options How about unused and/or private/local diffserve code points? Ron Bonica wrote:
Folks,
I would love to see the IETF OPSEC WG publish a document on the pros and cons of filtering optioned packets.
Would anybody on this list be willing to author an Internet Draft?
Ron (co-director IETF O&M Area)
Luca Tosolini wrote:
Experts, out of the well-known values for ip options:
X@r4# set ip-options ? Possible completions: <range> Range of values [ Open a set of values any Any IP option loose-source-route Loose source route route-record Route record router-alert Router alert security Security stream-id Stream ID strict-source-route Strict source route timestamp Timestamp
I can only think of: - RSVP using router-alert - ICMP using route-record, timestamp
But I can not think of any other use of any other IP option. Considering the security hazard that they imply, I am therefore thinking to drop them.
Is any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd? Thanks, Luca.
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com