Re: ip options

[joel jaeggli <joelja () bogus com>]

How about unused and/or private/local diffserve code points?


Ron Bonica wrote:
> Folks,
>
> I would love to see the IETF OPSEC WG publish a document on the pros and
> cons of filtering optioned packets.
>
> Would anybody on this list be willing to author an Internet Draft?
>
>                                      Ron
>                                      (co-director IETF O&M Area)
>
> Luca Tosolini wrote:
> > Experts,
> > out of the well-known values for ip options:
> >
> > X@r4# set ip-options ? 
> > Possible completions:
> >   <range>              Range of values
> >   [                    Open a set of values
> >   any                  Any IP option
> >   loose-source-route   Loose source route
> >   route-record         Route record
> >   router-alert         Router alert
> >   security             Security
> >   stream-id            Stream ID
> >   strict-source-route  Strict source route
> >   timestamp            Timestamp
> >
> > I can only think of:
> > - RSVP using router-alert
> > - ICMP using route-record, timestamp
> >
> > But I can not think of any other use of any other IP option.
> > Considering the security hazard that they imply, I am therefore thinking
> > to drop them.
> >
> > Is any other ip options used by: ospf, isis, bgp, ldp, igmp, pim, bfd?
> > Thanks,
> > Luca.