[Xorp-users] ospf4 ip-router-alert option

Michael Fox michael.fox at vyatta.com
Wed May 9 15:45:58 PDT 2007 

Pavlin,

Thanks for the clarification.

Follow-up question:

Since, going forward, your fix will set the IP TOS bits correctly 
(IPTOS_PREC_INTERNETCONTROL ) for all OSPF packets, then is there a purpose 
for the ip-router-alert option in the OSPF configuration (ospf4 and ospf6)? 
If not, then will this option be deprecated in future versions?

Michael

-----Original Message-----
From: Pavlin Radoslavov [mailto:pavlin at icir.org]
Sent: Wednesday, May 09, 2007 3:31 PM
To: Michael Fox
Cc: 'Pavlin Radoslavov'; 'Hasso Tepper'; xorp-users at xorp.org
Subject: Re: [Xorp-users] ospf4 ip-router-alert option

Michael Fox <michael.fox at vyatta.com> wrote:

> Thanks.
>
> So, to make sure I understand the situation properly, it sounds like:
>
> 1)  OSPF was NOT setting IPTOS_PREC_INTERNETCONTROL unless the
> ip-router-alert option in the OSPF configuration was set.  This was NOT
> correct behavior and Pavlin has committed a fix to correct this situation.
>
> 2)  If that is true, then, in the interim, users SHOULD ENABLE the
> ip-router-alert option for OSPF (default is disabled).
>
> Please correct if I got it wrong.

Yes, OSPF was not setting IPTOS_PREC_INTERNETCONTROL unless the
ip-router-alert option was set.

However, for most practical purpose there is no need to enable
the ip-router-alert option just to get the IP TOS bits set.
The TOS bits would matter only if you have diffserv or something
like that and even then you would need them only in certain
circumstances.

Regards,
Pavlin

>
> Thanks,
> Michael
>
>
> -----Original Message-----
> From: Pavlin Radoslavov [mailto:pavlin at icir.org]
> Sent: Tuesday, May 08, 2007 12:40 PM
> To: Hasso Tepper
> Cc: xorp-users at xorp.org; Michael Fox
> Subject: Re: [Xorp-users] ospf4 ip-router-alert option
>
> Hasso Tepper <hasso at estpak.ee> wrote:
>
> > Michael Fox wrote:
> > > Can someone explain the specific function/behavior of the
> > > "ip-router-alert
> > > option" in ospf4?
> > >
> > > The XORP v1.4 User Manual mentions that setting this to TRUE will put
> > > the
> > > IP router alert option in all transmitted packets.  (Since this is an
> > > OSPF
> > > configuration parameter, I presume that the documentation really means
> > > to
> > > say ".in all transmitted OSPF packets").
> > >
> > > RFC 2113 (IP Router Alert Option RFC) mentions examples of usage of 
> > > the
> > > option with RSVP and IGMP.
> > >
> > > I can find no mention elsewhere of the use of the IP router alert 
> > > option
> > > with OSPF and OSPF doesn't seem to need this option.
> >
> > Me neither and I don't need any need as well. IP router alert is for 
> > cases
> > where routers need to inspect packets not addressed for them directly. I
> > don't see any need for that in OSPF.
> >
> > > So, the question is:  what specifically does this option do and under
> > > what
> > > circumstances does this option need to be enabled in the OSPF4
> > > configuration?
> >
> > Note that there is one point to enable it with current code though - if
> > router alert option is enabled, IPTOS_PREC_INTERNETCONTROL is also set
> > (see
> > RawSocket::proto_socket_write()). But I fail to see logic in this as
> > well -
> > IPTOS_PREC_INTERNETCONTROL MUST be used for all routing protocols
> > regardless
> > of any settings. I don't see any reason not to do that. And if you 
> > don't,
> > it makes your network very likely vulnerable to dos attacks.
>
> I think you are right about the usage of IPTOS_PREC_INTERNETCONTROL.
> I just committed a fix to CVS so now there is a separate flag that
> is used as appropriate to set ip_tos in the IPv4 header to
> IPTOS_PREC_INTERNETCONTROL.
>
> About the usage of Router Alert in OSPF (which BTW is disabled by
> default), my guess is that it is leftover from earlier versions of
> the transmission code.
> I will leave it to Atanu to confirm that we really don't need it and
> should be removed.
>
> Thanks,
> Pavlin
>
> >
> > regards,
> >
> > -- 
> > Hasso Tepper
> > Elion Enterprises Ltd. [AS3249]
> > IP & Data Networking Expert
> >
> > _______________________________________________
> > Xorp-users mailing list
> > Xorp-users at xorp.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users
>
> _______________________________________________
> Xorp-users mailing list
> Xorp-users at xorp.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users

More information about the Xorp-users mailing list