[Xorp-users] ospf4 ip-router-alert option

Michael Fox michael.fox at vyatta.com
Tue May 8 19:27:12 PDT 2007 

Thanks.

So, to make sure I understand the situation properly, it sounds like:

1)  OSPF was NOT setting IPTOS_PREC_INTERNETCONTROL unless the 
ip-router-alert option in the OSPF configuration was set.  This was NOT 
correct behavior and Pavlin has committed a fix to correct this situation.

2)  If that is true, then, in the interim, users SHOULD ENABLE the 
ip-router-alert option for OSPF (default is disabled).

Please correct if I got it wrong.

Thanks,
Michael


-----Original Message-----
From: Pavlin Radoslavov [mailto:pavlin at icir.org]
Sent: Tuesday, May 08, 2007 12:40 PM
To: Hasso Tepper
Cc: xorp-users at xorp.org; Michael Fox
Subject: Re: [Xorp-users] ospf4 ip-router-alert option

Hasso Tepper <hasso at estpak.ee> wrote:

> Michael Fox wrote:
> > Can someone explain the specific function/behavior of the 
> > "ip-router-alert
> > option" in ospf4?
> >
> > The XORP v1.4 User Manual mentions that setting this to TRUE will put 
> > the
> > IP router alert option in all transmitted packets.  (Since this is an 
> > OSPF
> > configuration parameter, I presume that the documentation really means 
> > to
> > say ".in all transmitted OSPF packets").
> >
> > RFC 2113 (IP Router Alert Option RFC) mentions examples of usage of the
> > option with RSVP and IGMP.
> >
> > I can find no mention elsewhere of the use of the IP router alert option
> > with OSPF and OSPF doesn't seem to need this option.
>
> Me neither and I don't need any need as well. IP router alert is for cases
> where routers need to inspect packets not addressed for them directly. I
> don't see any need for that in OSPF.
>
> > So, the question is:  what specifically does this option do and under 
> > what
> > circumstances does this option need to be enabled in the OSPF4
> > configuration?
>
> Note that there is one point to enable it with current code though - if
> router alert option is enabled, IPTOS_PREC_INTERNETCONTROL is also set 
> (see
> RawSocket::proto_socket_write()). But I fail to see logic in this as 
> well -
> IPTOS_PREC_INTERNETCONTROL MUST be used for all routing protocols 
> regardless
> of any settings. I don't see any reason not to do that. And if you don't,
> it makes your network very likely vulnerable to dos attacks.

I think you are right about the usage of IPTOS_PREC_INTERNETCONTROL.
I just committed a fix to CVS so now there is a separate flag that
is used as appropriate to set ip_tos in the IPv4 header to
IPTOS_PREC_INTERNETCONTROL.

About the usage of Router Alert in OSPF (which BTW is disabled by
default), my guess is that it is leftover from earlier versions of
the transmission code.
I will leave it to Atanu to confirm that we really don't need it and
should be removed.

Thanks,
Pavlin

>
> regards,
>
> -- 
> Hasso Tepper
> Elion Enterprises Ltd. [AS3249]
> IP & Data Networking Expert
>
> _______________________________________________
> Xorp-users mailing list
> Xorp-users at xorp.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users

More information about the Xorp-users mailing list