Date: Wed, 23 Jul 2003 13:50:05 -0400 (EDT)
From: Dave Temkin <dave@ordinaryworld.com>
Sender: owner-nanog@merit.edu
Needs is a tough call. Plenty of networks block ICMP at the border and could very well be using 1918 addressing in between and you'd have no idea.
And the network is broken.
People persist in blocking ICMP and then complain when things don't work right. Even if you explain why blocking ICMP is breaking something, they say "ICMP is evil and we have to block it". OK. they are broken and when things don't work, they need to tell their customers that they are choosing to run a network that does not work correctly. (Not that I expect anyone to do this.)
I don't see anything "tough" about this call.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Unless of course I block ICMP for the purposes of denying traceroute but still allow DF/etc. Then it's not "broken" as you say.
-- David Temkin
On Wed, 23 Jul 2003, Kevin Oberman wrote:
Date: Wed, 23 Jul 2003 13:50:05 -0400 (EDT)
From: Dave Temkin <dave@ordinaryworld.com>
Sender: owner-nanog@merit.edu
Needs is a tough call. Plenty of networks block ICMP at the border and could very well be using 1918 addressing in between and you'd have no idea.
And the network is broken.
People persist in blocking ICMP and then complain when things don't work right. Even if you explain why blocking ICMP is breaking something, they say "ICMP is evil and we have to block it". OK. they are broken and when things don't work, they need to tell their customers that they are choosing to run a network that does not work correctly. (Not that I expect anyone to do this.)
I don't see anything "tough" about this call.
Unless of course I block ICMP for the purposes of denying traceroute but still allow DF/etc. Then it's not "broken" as you say.
Sure, but people "blocking all ICMP" haven't usually heard that there are different types and codes in ICMP.
It's surprising how many large www sites do not work if your MTU is less than 1500. Even if you do PMTU. (because the packets vanish somewhere before or at the server).
Pete
-- David Temkin
On Wed, 23 Jul 2003, Kevin Oberman wrote:
Date: Wed, 23 Jul 2003 13:50:05 -0400 (EDT)
From: Dave Temkin <dave@ordinaryworld.com>
Sender: owner-nanog@merit.edu
Needs is a tough call. Plenty of networks block ICMP at the border and could very well be using 1918 addressing in between and you'd have no idea.
And the network is broken.
People persist in blocking ICMP and then complain when things don't work right. Even if you explain why blocking ICMP is breaking something, they say "ICMP is evil and we have to block it". OK. they are broken and when things don't work, they need to tell their customers that they are choosing to run a network that does not work correctly. (Not that I expect anyone to do this.)
I don't see anything "tough" about this call.
When the RFC's are broken, then what do you do?
RFC's are to be followed if one can operate one's network under those constraints. Often times, RFC's don't take into account real world considerations.
For instance: The "rule" that there should be only one root server network does not provide a solution to the problem of a corrupt monopoly gaining control over that one root server network (as is the case now).
----- Original Message -----
From: "Petri Helenius" <pete@he.iki.fi>
To: "Dave Temkin" <dave@ordinaryworld.com>; "Kevin Oberman" <oberman@es.net>
Cc: "Lyndon Nerenberg" <lyndon@orthanc.ab.ca>; "David Schwartz" <davids@webmaster.com>; <variable@ednet.co.uk>; <nanog@merit.edu>
Sent: Wednesday, July 23, 2003 13:19
Subject: Re: rfc1918 ignorant
Unless of course I block ICMP for the purposes of denying traceroute but still allow DF/etc. Then it's not "broken" as you say.
Sure, but people "blocking all ICMP" haven't usually heard that there are different types and codes in ICMP.
It's surprising how many large www sites do not work if your MTU is less than 1500. Even if you do PMTU. (because the packets vanish somewhere before or at the server).
Pete
-- David Temkin
On Wed, 23 Jul 2003, Kevin Oberman wrote:
Date: Wed, 23 Jul 2003 13:50:05 -0400 (EDT)
From: Dave Temkin <dave@ordinaryworld.com>
Sender: owner-nanog@merit.edu
Needs is a tough call. Plenty of networks block ICMP at the border and could very well be using 1918 addressing in between and you'd have no idea.
And the network is broken.
People persist in blocking ICMP and then complain when things don't work right. Even if you explain why blocking ICMP is breaking something, they say "ICMP is evil and we have to block it". OK. they are broken and when things don't work, they need to tell their customers that they are choosing to run a network that does not work correctly. (Not that I expect anyone to do this.)
I don't see anything "tough" about this call.
When the RFC's are broken, then what do you do?
If negotiations fail, you revolt and overthrow the corrupt governing body. If applicable, add overseas occupation forces :)
RFC's are to be followed if one can operate one's network under those constraints. Often times, RFC's don't take into account real world considerations.
Unfortunately putting the non-rfc-compliant out of business would require distributing clue to the buyers, which has been tried and usually fails.
For instance: The "rule" that there should be only one root server network does not provide a solution to the problem of a corrupt monopoly gaining control over that one root server network (as is the case now).
You sure have filed drafts how this should be corrected, specially those which do not specify two roots, yours and theirs?
Pete
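The distinction drawn in the thread, between dropping every ICMP message and dropping only what traceroute relies on while still passing the fragmentation-needed error that path MTU discovery uses, modelled as an added example that is not part of any poster's message. The two filter policies, the path MTUs and all function names are constructed for illustration.

```python
# Toy model of sender-side path MTU discovery behind two ICMP filter policies.
# Policies, path MTUs and names are constructed for this example.

FRAG_NEEDED = (3, 4)     # Destination Unreachable: fragmentation needed and DF set
TIME_EXCEEDED = (11, 0)  # TTL exceeded in transit (what traceroute listens for)
ECHO_REQUEST = (8, 0)


def block_all(icmp_type, code):
    """'ICMP is evil': no type/code combination is passed."""
    return False


def deny_traceroute_only(icmp_type, code):
    """Drop time-exceeded and echo request, pass everything else (including 3/4)."""
    return (icmp_type, code) not in (TIME_EXCEEDED, ECHO_REQUEST)


def send_df(size, path_mtus, icmp_filter):
    """Send one DF packet along the path.

    Returns ("delivered", None), ("icmp", next_hop_mtu) when the sender
    receives fragmentation-needed, or ("lost", None) when the packet is
    dropped and the error is filtered before it reaches the sender.
    """
    for mtu in path_mtus:
        if size > mtu:
            if icmp_filter(*FRAG_NEEDED):
                return ("icmp", mtu)
            return ("lost", None)
    return ("delivered", None)


def discover_pmtu(path_mtus, icmp_filter, start=1500, retries=3):
    """Shrink the packet on each 3/4 error; give up after `retries` silent losses."""
    size, losses = start, 0
    while losses < retries:
        status, hint = send_df(size, path_mtus, icmp_filter)
        if status == "delivered":
            return size
        if status == "icmp":
            size = hint
        else:
            losses += 1
    return None  # black hole: full-size packets vanish and the sender never learns why


def traceroute_visible(icmp_filter):
    """True if time-exceeded replies would get through the filter."""
    return icmp_filter(*TIME_EXCEEDED)
```

With a 1500-byte MTU on every hop both policies deliver traffic, which is why the blanket block goes unnoticed until a smaller-MTU link appears on the path.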
participants (4)
- Dave Temkin
- John Palmer
- Kevin Oberman
- Petri Helenius