IETF Logo Mail Archive

Re: [Int-area] I-D Action: draft-shen-traceroute-ping-ext-03.txt

"Rajiv Asati (rajiva)" <rajiva@cisco.com> Thu, 05 January 2012 19:47 UTC

Return-Path: <rajiva@cisco.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59C1621F8872 for <int-area@ietfa.amsl.com>; Thu, 5 Jan 2012 11:47:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_47=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ANqzbtFxboUk for <int-area@ietfa.amsl.com>; Thu, 5 Jan 2012 11:47:02 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id 56F4D21F8866 for <int-area@ietf.org>; Thu, 5 Jan 2012 11:47:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=rajiva@cisco.com; l=4887; q=dns/txt; s=iport; t=1325792822; x=1327002422; h=mime-version:content-transfer-encoding:subject:date: message-id:in-reply-to:references:from:to:cc; bh=+96yGtSPo2Imwqk6vY0WNSbMohqPrpH+edLKdb5ypNA=; b=U+G7LdJXS6ChWNA+SS81/eO2hNsyORJyrXWbdnFYz+ScuTybreK2fXL9 x3BT7daElEzheGb29C4nV8ngd4d7iP4SEPchQPSVN17cm53awDjGloCSs QED5erUeC0bFCZKQdf3l0s+xzbB0GrJlOIQepW6Jn0ZguPjitLwNZCKaR k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiAFAE39BU+tJXG8/2dsb2JhbABCggWqeYEFgXIBAQEDAQEBAQ8BHQo0CwwEAgEIEQQBAQEKBhcBBgEmHwkIAQEEARIIGodYCJd/AZ4bBIsuYwSIOZ8h
X-IronPort-AV: E=Sophos;i="4.71,463,1320624000"; d="scan'208";a="49004746"
Received: from rcdn-core2-1.cisco.com ([173.37.113.188]) by rcdn-iport-1.cisco.com with ESMTP; 05 Jan 2012 19:47:02 +0000
Received: from xbh-rcd-202.cisco.com (xbh-rcd-202.cisco.com [72.163.62.201]) by rcdn-core2-1.cisco.com (8.14.3/8.14.3) with ESMTP id q05Jl1WM023869; Thu, 5 Jan 2012 19:47:01 GMT
Received: from xmb-rcd-111.cisco.com ([72.163.62.153]) by xbh-rcd-202.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 5 Jan 2012 13:47:01 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 05 Jan 2012 13:47:00 -0600
Message-ID: <067E6CE33034954AAC05C9EC85E2577C070D7261@XMB-RCD-111.cisco.com>
In-Reply-To: <AC0A74B6-6ABF-4611-8882-974E854FAADE@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Int-area] I-D Action: draft-shen-traceroute-ping-ext-03.txt
Thread-Index: AczLa+2TOjATsSZtRuWZNmHvfdcHkgAdbXsQ
References: <13205C286662DE4387D9AF3AC30EF456D74ED699B3@EMBX01-WF.jnpr.net><4F04B6B8.6030208@cisco.com><201201042243.q04Mhpk8014959@cichlid.raleigh.ibm.com><7E187243-EAB3-4814-A78C-56DCEAE2C67C@cisco.com><201201050024.q050OFw1016925@cichlid.raleigh.ibm.com> <AC0A74B6-6ABF-4611-8882-974E854FAADE@cisco.com>
From: "Rajiv Asati (rajiva)" <rajiva@cisco.com>
To: "Naiming Shen (naiming)" <naiming@cisco.com>, Thomas Narten <narten@us.ibm.com>
X-OriginalArrivalTime: 05 Jan 2012 19:47:01.0706 (UTC) FILETIME=[CB1462A0:01CCCBE2]
Cc: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>, int-area@ietf.org, Ronald Bonica <rbonica@juniper.net>
Subject: Re: [Int-area] I-D Action: draft-shen-traceroute-ping-ext-03.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2012 19:47:03 -0000

> > False assumption. The reason why *any* packet (i.e., any src/dest
> > address) would be used is precisely to debug problems related to
> > traffic between a particular src/dest pair, and that src/dest pair
may
> > not even belong to the ISP that gets a help desk call.

Is it really possible? 
I am not aware of any implementation that allows the source address of
the ping/traceroute packet to be any arbitrary number.
In fact, Most implementations limit the source address to be one of
those assigned to the device itself.

The point here is that if the helpdesk needs additional information from
their network devices during troubleshooting, then this proposal could
be useful.

Cheers,
Rajiv

> -----Original Message-----
> From: int-area-bounces@ietf.org [mailto:int-area-bounces@ietf.org] On
Behalf
> Of Naiming Shen (naiming)
> Sent: Thursday, January 05, 2012 12:36 AM
> To: Thomas Narten
> Cc: Carlos Pignataro (cpignata); int-area@ietf.org; Ronald Bonica
> Subject: Re: [Int-area] I-D Action:
draft-shen-traceroute-ping-ext-03.txt
> 
> 
> On Jan 4, 2012, at 4:24 PM, Thomas Narten wrote:
> 
> > Naiming Shen <naiming@cisco.com> writes:
> >>> Consequently, use of this technique may actually cause collateral
> >>> damage to existing, deployed applications. Maybe not a big risk,
but a
> >>> risk nonetheless.
> >
> >> This draft actually does not change those attributes. The current
> >> traceroute/ping application has already picked up those high port
> >> numbers, and already has used the source port and id field for some
> >> private number no one else cares. Let's say if this draft is using
a
> >> fixed location scheme, then there is no change to any of that.
> >
> > This draft doesn't introduce the problem, but it will likely make it
> > worse. I.e., if this draft is successful (which presumably is the
> > goal), more collateral damage may result. I.e, the more such packets
> > are generated, the more likely some will cause problems.
> 
> But the popular traceroute application is using a > 32K port#, so
those
> are not well-known ports, not used by well-known applications. In the
case
> of someone is using those ports (by destination), then the socket
addresses will
> not match,
> the receiver will send an different icmp error code back(instead of
port
> unreachable),
> those are the existing implementations, and works fine. this draft
does not
> change
> any of those, and unlikely causing problems.
> 
> 
> >
> >> Let's say if I'm using this extension in an particular ISP only
meant to get
> >> some private info for our management stations. First I think the
operator
> >> usually specify the destination to be within the range of the
network they
> >> want;
> >
> > False assumption. The reason why *any* packet (i.e., any src/dest
> > address) would be used is precisely to debug problems related to
> > traffic between a particular src/dest pair, and that src/dest pair
may
> > not even belong to the ISP that gets a help desk call.
> >
> 
> But we are just using exact the same traceroute/ping packets, only
with
> payload
> change with addition information. it's not going to affect any
> source/destination
> address or layer4 ports (those layer 4 ports are designed to be
incremented
> each
> additional ttl packets and they are random anyway) comparing to the
existing
> way.
> 
> > I.e., if you get a help desk call about some sort of packet loss or
> > unreachability for certain flows, you then generate trace packets
that
> > mimic those flows. If we could just use regular packets to debug
such
> > problems, we wouldn't need the proposed mechanism at all.
> >
> >> secondly, even if not, the packet actually goes off the network,
there
> >> is not much harm done, those off-net stations should not supply
those
> >> private information or they probably don't care.
> >
> > My concern isn't about the *response* messages leaking outside of
the
> > site, it's that the *probe* packets will leak. Those are the ones
that
> > could be delivered to a destination incorrectly, causing problems
for
> > the receiving application.
> 
> what I'm saying is, saying the probe is going outside the
network(off-net),
> it's just a ping packet, or a traceroute packet. yes it has some
request in the
> payload, but the receiver does not have to reply. it's like when I
send a SNMP
> query, but typed the host address wrong, the host can either not send
me back
> anything, or it can reply also if it does not really care who query
this
> information.
> but that is not a problem.
> 
> thanks.
> - Naiming
> 
> 
> >
> > Thomas
> >
> 
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area

v2.23.0 | Report a Bug | By Email