Re: [Int-area] question about xping (draft-bonica-intarea-eping)

Wed, 29 Mar 2017 07:50:58 -0700 

Sowmini,

You have convinced me that there should be no information leaking at all. So, I 
think that the next version of the draft should enforce the following rules:

-  If the destination and probed interfaces are in the same VRF/routing 
instance/namespace, the ICMP Extended Echo Reply message will reflect the state 
of the probe interface
- Otherwise, the ICMP Extended Echo message will contain an error code 
indicating that the probed interface does not exist.

Do you agree?

                                    Ron


> -----Original Message-----
> From: Sowmini Varadhan [mailto:[email protected]]
> Sent: Tuesday, March 28, 2017 6:42 PM
> To: Ron Bonica <[email protected]>
> Cc: Reji Thomas <[email protected]>; [email protected];
> [email protected]; [email protected]
> Subject: Re: question about xping (draft-bonica-intarea-eping)
> 
> On (03/28/17 22:27), Ron Bonica wrote:
> > Good point! We addressed this in a previous version of the draft, but
> > accidentally dropped it from the current version.
> >
> > Our current thinking is:
> >
> > - If the destination and probed interfaces are in the same VRF, the
> > ICMP Extended Echo Reply message will reflect the state of the probed
> > interface
> > - If the destination interface is in the general or management VRF and
> > the probed interface is in another VRF, the ICMP Extended Echo Reply
> > message will reflect the state of the probed interface
> > - Otherwise, the ICMP Extended Echo message will contain an error code
> > indicating that the probed interface does not exist.
> >
> > I will add this back to the next revision of the draft.
> >
> 
> Ok, but what about other forms of VRF-like virtualization like network
> namespaces? Things can get a bit trickier here because the same ifname can
> exist in multiple virtual objects.
> 
> Also, interface ownership can be more blurry for some of these virtualization
> models like network namespaces- it's not always clear that the hypervisor
> ("default netns") owns the interface, when the interface is virtual.
> 
> --Sowmini

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area

Reply via email to