rfc 1812 third party address on traceroute

Randy Bush randy at psg.com
Mon Jun 6 01:39:11 UTC 2016


> is anyone seeing the dreaded rfc1812 behavior in a citable fashion?  how
> common is it?

we verified that the juniper and cisco platforms we tested replied with
the source address being the ingress interface.  this is, imiho, good.

a kind soul actually sent citable tests

> At least my MikroTik RB850Gx2, running 'latest stable' (RouterOS
> v6.32.2) replies with the outbound interface, not the inbound.
> 
> I'd assume this is because by default, icmp_errors_use_inbound_ifaddr in
> linux is disabled, and they haven't changed the default.
> 
> No idea if that can be tweaked in the weird maze of mikrotik config options.

and from the same kind engineer

> And just to add even more inconsistency, I checked on my Ubiquiti
> EdgeMax (a VyOS fork) which does let me check the state of sysctls:
> 
> router:/etc/sysctl.d$ cat 30-vyatta-router.conf
> <snip>
> # Send ICMP responses with primary address of exiting interface
> net.ipv4.icmp_errors_use_inbound_ifaddr=1
> </snip>
> 
> So someone in Vyatta decided to explicitly set this to be enabled.

so one win and one loss

randy
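
An added example, not part of the original post: a small shell check for the sysctl discussed above. Per the Linux kernel documentation, a value of 0 (the default) sources ICMP errors from the primary address of the exiting interface, and a non-zero value uses the address of the interface that received the offending packet. The file names and contents below are constructed, and the caller is assumed to pass files in the order the system loads them.

```shell
#!/bin/sh
KEY='net.ipv4.icmp_errors_use_inbound_ifaddr'

# effective_value FILE... -> last value assigned to KEY across the files,
# in the order given. Prints the kernel default, 0, when no file sets it.
effective_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        /=/ {
            eq = index($0, "=")
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            sub(/^-/, "", name)             # "-key=v": ignore write errors
            gsub(/\//, ".", name)           # net/ipv4/... spelling of the key
            if (name == key) last = val
        }
        END { print (last == "" ? 0 : last) }
    ' "$@" /dev/null
}

# icmp_error_source FILE... -> "inbound" or "outbound": which interface
# address a traceroute hop through this box would show.
icmp_error_source() {
    case "$(effective_value "$@")" in
        0) echo outbound ;;
        *) echo inbound ;;
    esac
}

# Constructed sample input, modelled on the two cases in the thread.
tmp=$(mktemp -d)
printf '%s\n' '# constructed: key commented out, kernel default applies' \
    '#net.ipv4.icmp_errors_use_inbound_ifaddr=1' > "$tmp/10-default.conf"
printf '%s\n' '# constructed: explicit setting' \
    'net.ipv4.icmp_errors_use_inbound_ifaddr=1' > "$tmp/30-explicit.conf"

echo "default only:  $(icmp_error_source "$tmp/10-default.conf")"
echo "with explicit: $(icmp_error_source "$tmp/10-default.conf" "$tmp/30-explicit.conf")"
```

On a box with shell access, the running value can be read from `/proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr` and compared against what the config files say.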


