IP Options

2011-11-17 Thread harbor235
Is it just me or has there been an increase in packets with IP options set hitting our front door? There are ways to mitigate e.g. IP options selective discard, and ACL IP options support. ACL entries on the edge appear to be the best way identify and log the source. IP options selective discard

Re: IP Options

2011-11-17 Thread Christopher Morrow
got pcaps? On Thu, Nov 17, 2011 at 10:04 AM, harbor235 harbor...@gmail.com wrote: Is it just me or has there been an increase in packets with IP options set hitting our front door? There are ways to mitigate e.g. IP options selective discard, and ACL IP options support. ACL entries

Re: IP Options

2011-11-17 Thread harbor235
...@gmail.com wrote: got pcaps? On Thu, Nov 17, 2011 at 10:04 AM, harbor235 harbor...@gmail.com wrote: Is it just me or has there been an increase in packets with IP options set hitting our front door? There are ways to mitigate e.g. IP options selective discard, and ACL IP options support. ACL

Re: IP Options

2011-11-17 Thread Christopher Morrow
be painful :( Some vendor gear has 'no ip-options' as an option...(which is really, 'ignore ip options', I believe), some has the ability to filter based on option(s). -chris Mike On Thu, Nov 17, 2011 at 10:07 AM, Christopher Morrow morrowc.li...@gmail.com wrote: got pcaps? On Thu, Nov 17

Re: ip options

2009-11-04 Thread isabel dias
:-) - Original Message From: joel jaeggli joe...@bogus.com To: Ron Bonica rbon...@juniper.net Cc: nanog nanog@nanog.org Sent: Wed, November 4, 2009 3:41:26 AM Subject: Re: ip options How about unused and/or private/local diffserve code points? Ron Bonica wrote: Folks, I would

Re: ip options

2009-11-03 Thread Ron Bonica
Tosolini wrote: Experts, out of the well-known values for ip options: x...@r4# set ip-options ? Possible completions: range Range of values [Open a set of values any Any IP option loose-source-route Loose source route route

Re: ip options

2009-11-03 Thread joel jaeggli
? Ron (co-director IETF OM Area) Luca Tosolini wrote: Experts, out of the well-known values for ip options: x...@r4# set ip-options ? Possible completions: range Range of values [Open a set of values

ip options

2009-10-28 Thread Luca Tosolini
Experts, out of the well-known values for ip options: x...@r4# set ip-options ? Possible completions: range Range of values [Open a set of values any Any IP option loose-source-route Loose source route route-record Route

RE: ip options

2009-10-28 Thread Dario Ciccarone (dciccaro)
Tosolini [mailto:bit.gos...@chello.nl] Sent: Wednesday, October 28, 2009 3:06 PM To: nanog Subject: ip options Experts, out of the well-known values for ip options: x...@r4# set ip-options ? Possible completions: range Range of values [Open a set

Re: ip options

2009-10-28 Thread Roland Dobbins
On Oct 29, 2009, at 2:05 AM, Luca Tosolini wrote: Considering the security hazard that they imply, I am therefore thinking to drop them. You should certainly consider the impact on traceroute and possibly QoS (i.e., RSVP, if it's relevant) in your environment. Some vendors/platforms