| Sounds reasonable to me. My point was that decrementing the IP TTL, | whether it be at each LSR or only at egress, should be a decision | that can be made by the provider. Well, in that case you also have to not copy the IP TTL into the tag TTL, but rather synthesize a new tag TTL, assuming the goal is not to end up with traceroute stars. I think this is insane, personally, but then Sprintlink in the past fell victim to devastating forwarding loops, both tight and loose; the latter were particularly bad, and so maybe I am "over sensitive". If you _really_ want to conceal one's network, why not just outright lie -- at your ingress LSR look for packets with low TTLs, and for ones that won't make it to their destinations, synthesize an ICMP time exceeded with your choice of source addresses. (cf the last paragraph of 2.14 in the current MPLS arch draft) Where this is not possible, you generate the lie as close as possible to the point where the ttl timeout would happen. Sean.
participants (1)
-
Sean M. Doran