Hi William,

Thanks for your response, my comments below:

On 3/30/13, William Herrin <b...@herrin.us> wrote:
> On Fri, Mar 29, 2013 at 11:21 PM, Alejandro Acosta
> <alejandroacostaal...@gmail.com> wrote:
>> On 3/29/13, Patrick <na...@haller.ws> wrote:
>>> On 2013-03-29 14:49, William Herrin wrote:
>>>> I've long thought router vendors should introduce a configuration
>>>> option to specify the IP address from which ICMP errors are emitted
>>>> rather than taking the interface address from which the packet causing
>>>> the error was received.
>>>
>>> Concur. An 'ip(v6)? icmp source-interface loop0' sure beats running 'ip
>>> unnumbered loop0' everywhere. ;)
>>
>> Why do you think it will be better? Can you explain?
>
> Hi Alejandro,
>
> Consider the alternatives:
>
> 1. Provide a router configuration option (per router and/or per
> interface) to emit ICMP error messages from a specified IP address
> rather than the interface address.

I imagine that and it sounds terrific. I guess at least this option should come disabled by default.

>
> 2. At every border, kick packets without an Internet-legitimate source
> address up to the slow path for network address translation to a
> source address which is valid.

IMHO this can be achieved with the current behaviour.

>
> 3. Design your network so that any router with at least one network
> interface whose IP address is not valid on the Internet has exactly
> the same MTU on every interface, and at least an MTU of 1500 on all of
> them, guaranteeing that the router will never emit a
> fragmentation-needed message. And do this consistently. Every time.

If you have PMTUD enabled you won't need this every time.

>
> 4. Redesign TCP so it doesn't rely on ICMP destination unreachable
> messages to determine path MTU and get your new design deployed into
> every piece of software on the Internet.

You will have the same problem using only one output interface for ICMP errors/messages. Of course, based on your comments, you mean you will need to troubleshoot this interface only once.

>
> 5. Accept that TCP will break unexpectedly due to lost
> fragmentation-needed messages, presenting as a particularly nasty and
> intermittent failure that's hard to track and harder to fix.

Same answer as in 3.

>
>
> Which do you find least offensive?

None of them is offensive. I think this could be a nice feature to have, but I hope it's disabled by default.

>
> Regards,
> Bill Herrin

Thanks,

Regards,

Alejandro Acosta,

>
>
> --
> William D. Herrin ................ her...@dirtside.com b...@herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>
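The failure mode the thread is arguing about (options 1, 2 and 5 above) can be made concrete with a small simulation. The following Python is an added example, not code from the thread or from any router vendor: it builds an ICMP "Fragmentation Needed" message the way a router would (RFC 792 type 3 code 4, with the RFC 1191 next-hop MTU and the quoted original IP header), parses and checksum-verifies it, runs it through a simplified border bogon filter (the prefix list is an assumption; real filters are longer), and then emulates option 1 by re-emitting the same error from a configured loopback address. All addresses, MTUs and ports are constructed for the example.

```python
import struct
import ipaddress

# Assumed, simplified border filter: ICMP whose outer source falls in one of
# these ranges is treated as "not Internet-legitimate" and dropped at the edge.
BOGONS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; verifying a header with its checksum
    in place yields 0 when the header is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def build_frag_needed(router_src, orig_src, orig_dst, next_hop_mtu):
    """ICMP type 3 code 4 as a router emits it: next-hop MTU in the second
    word, followed by the offending datagram's IP header plus 8 bytes.
    The constructed offending packet is a 1500-byte TCP segment."""
    quoted = build_ipv4_header(orig_src, orig_dst, 6, 1480) + struct.pack("!HHI", 50000, 443, 1)
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    icmp = body[:2] + struct.pack("!H", ip_checksum(body)) + body[4:]
    return build_ipv4_header(router_src, orig_src, 1, len(icmp)) + icmp


def parse_frag_needed(packet: bytes):
    """Return {src, orig_src, orig_dst, mtu} for a well-formed Fragmentation
    Needed message, or None if the packet is truncated, corrupt or something else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or ip_checksum(packet[:ihl]) != 0:
        return None
    if packet[9] != 1:                      # protocol must be ICMP
        return None
    icmp = packet[ihl:]
    if ip_checksum(icmp) != 0:              # ICMP checksum covers the whole message
        return None
    itype, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    quoted = icmp[8:]
    if (itype, code) != (3, 4) or len(quoted) < 20:
        return None
    return {"src": str(ipaddress.ip_address(packet[12:16])),
            "orig_src": str(ipaddress.ip_address(quoted[12:16])),
            "orig_dst": str(ipaddress.ip_address(quoted[16:20])),
            "mtu": mtu}


def border_filter(packet: bytes) -> bool:
    """True if the assumed bogon-filtering border would forward this error."""
    info = parse_frag_needed(packet)
    if info is None:
        return False
    addr = ipaddress.ip_address(info["src"])
    return not any(addr in net for net in BOGONS)


def rewrite_icmp_source(packet: bytes, new_src: str) -> bytes:
    """Emulate option 1: re-emit the error from a configured loopback address.
    Only the outer IPv4 source and its header checksum change; the ICMP
    checksum does not cover the outer header, so the body is left untouched."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = ipaddress.ip_address(new_src).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def demo():
    # Constructed scenario: a transit router whose ingress interface is
    # 10.1.2.1 cannot forward a 1500-byte segment from 192.0.2.10 to
    # 198.51.100.7 because the next hop has a 1400-byte MTU.
    err = build_frag_needed("10.1.2.1", "192.0.2.10", "198.51.100.7", 1400)
    fixed = rewrite_icmp_source(err, "203.0.113.1")  # assumed public loopback
    return {"dropped_at_border": not border_filter(err),       # the PMTUD black hole of option 5
            "forwarded_after_rewrite": border_filter(fixed),   # what option 1 buys you
            "mtu": parse_frag_needed(fixed)["mtu"]}


if __name__ == "__main__":
    print(demo())
```

The parse step is what a defender would put in a capture-side check: a Fragmentation Needed message that never arrives at the sender, or arrives with an RFC 1918 source that an edge ACL discards, is exactly the intermittent stall described in option 5, and `rewrite_icmp_source` shows why a per-router ICMP source option removes the problem without touching the quoted datagram or the advertised MTU.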