ip options

Ron Bonica rbonica at juniper.net
Tue Nov 3 20:44:41 UTC 2009


I would love to see the IETF OPSEC WG publish a document on the pros and
cons of filtering optioned packets.

Would anybody on this list be willing to author an Internet Draft?

                                     (co-director IETF O&M Area)

Luca Tosolini wrote:
> Experts,
> out of the well-known values for ip options:
> X at r4# set ip-options ? 
> Possible completions:
>   <range>              Range of values
>   [                    Open a set of values
>   any                  Any IP option
>   loose-source-route   Loose source route
>   route-record         Route record
>   router-alert         Router alert
>   security             Security
>   stream-id            Stream ID
>   strict-source-route  Strict source route
>   timestamp            Timestamp
> I can only think of:
> - RSVP using router-alert
> - ICMP using route-record, timestamp
> But I can not think of any other use of any other IP option.
> Considering the security hazard that they imply, I am therefore thinking
> to drop them.
> Is any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd?
> Thanks,
> Luca.

More information about the NANOG mailing list