jpeck@hpspdra.HP.COM (Joe Peck) (08/29/89)
I have a few question about IP options. How often are they used? How common is it to see IP frames with options in the header? What programs cause IP options to be used? I know that there is a version of PING that supports the IP Record Route option. What other programs invoke IP options? Do most or all IP implementations support IP options? I don't want to start any finger pointing, I'm just interested in whether the majority do or don't provide option support. Thanks, Joe Peck
cire@CISCO.COM (cire|eric) (08/29/89)
>> Date: 28 Aug 89 17:39:37 GMT >> From: hpl-opus!hpspdra!jpeck@hplabs.hp.com (Joe Peck) >> Subject: Does anyone use IP options? >> >> I have a few question about IP options. >> >> How often are they used? How common is it to see IP frames >> with options in the header? It isn't very common. There was a time when certain options in the packet would cause certain hosts to crash. >> What programs cause IP options to be used? I know that there >> is a version of PING that supports the IP Record Route option. >> What other programs invoke IP options? It is entirely up to the OS implementation to allow access to that level. Most do not. SUNOS does provide the interfaces and there are a number of administration tools that exist that take advantage (ie. traceroute). cisco routers provide the functionality for ping via the extended commands. Various things can be specified including Loose Source Route, Strict Source Route, Record Route, and Time stamp. >> Do most or all IP implementations support IP options? I don't >> want to start any finger pointing, I'm just interested in >> whether the majority do or don't provide option support. >> It depends on the implementation. I haven't heard of a crash blamed on options in quite a while so I suspect that most implementations coexist peacefully. >> >> Thanks, >> >> Joe Peck -c cire|eric Eric B. Decker cisco Systems - engineering Menlo Park, California email: cire@cisco.com uSnail: 1360 Willow Rd., Menlo Park, CA 94025 Phone : (415) 326-1941
cpw%sneezy@LANL.GOV (C. Philip Wood) (08/29/89)
Joe, Los Alamos National Laboratory is requiring network source from workstation vendors in order to incorporate the extended security option in workstations which communicate with our Central Computing Facility (CCF). SunOS 4.x, VAX BSD4.3 and CRAY UNICOS kernels have been modified so far. The option must be copied on fragmentation and is used in all packets which pass through the CCF router(s). Consequently, we need a mechanism which allows us to set up this feature during an initial authentication session for a user, as well as incorporate the option in every IP packet no matter what the IP based application (Telnet, NeWS, X-Windows, etc.). Also, server(remote) initiated applications (such as X or NeWS) require that the option be incorporated for the duration of a session by the client(local) applications peer. Think full duplex. None of the software we have looked at (maybe with the exception of FTP, Inc.) allows for other options besides source routing. Also, it is more difficult to incorporate in UDP based applications, at least on 4.3BSD based systems. Phil Wood, cpw@lanl.gov
pprindev@wellfleet.com (Philip Prindeville) (08/29/89)
> How often are they used? How common is it to see IP frames > with options in the header? Perhaps some MERIT people can tell us if they have collected any data using NNSTAT. > ... > Do most or all IP implementations support IP options? I don't > want to start any finger pointing, I'm just interested in > whether the majority do or don't provide option support. The implementation of options is mandatory (in RFC-790). However, some hosts don't implement it correctly (like 4.2 systems crash on LSRR options or misinterpret the ordering of the LSRR field) and several PC implementations don't include options (but then what do you expect from a PC?). There was an RFC-to-be circulating about a year (or so) ago describing the interpretation of LSRR/SSRR. It never came out, which is a bit of a shame. Perhaps Jon can resurrect it? -Philip
kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) (08/30/89)
In article <8908290825.AA23996@ucbvax.Berkeley.EDU> cire@CISCO.COM (cire|eric) writes: > >It depends on the implementation. I haven't heard of a crash blamed on >options in quite a while so I suspect that most implementations coexist >peacefully. > That's what I thought, too, until someone new to NEARnet went out a couple of months ago and accidentally crashed an old jvncnet vax router in our backyard named coventry.mit.edu, using record route or source route, from one of our cisco routers. Fortunately for me, I had hesitated to explore much with these options based on the sage advice of my colleagues here at BU. :-) At any rate, still somewhat of a surprise, given that coventry was such a strategic resource. Fortunately, while coventry still lives, it no longer routes, so if it continues to crash it has little effect. Sorry, Dave, don't know if it is available to run network time protocols. BTW, if I can interject a little operational comment in this list, those of you experiencing severe difficulty in reaching us up here is the Northeast (NEARnet country) should be finding things much better these days, after some critical, chronic problems were dispatched this week. (I knew I shouldn't have said anything! All my snmpxmon displays just went dotted! :-) Thanks to those who took the trouble to sent us reports from faraway. --Kent England, Boston U, etc
dls@mentor.cc.purdue.edu (David L Stevens) (08/30/89)
The current version of the NSC EN641 router code we have drops (not ignores, DROPS) packets with IP Record Route. Just to point out that even if your hosts do options, you might have troubles if your gateways (or someone else's) don't. Source route, record route, security compartment, etc. aren't very useful unless everyone you want to talk to and everyone in between honor them. We need a network death squad... "Youse gateway get outta line an' we gonna hit ya. Guido, show him what ICMP can do..." -- +-DLS (dls@mentor.cc.purdue.edu)
Dave_Katz@UM.CC.UMICH.EDU (08/31/89)
> > How often are they used? How common is it to see IP frames > > with options in the header? > Perhaps some MERIT people can tell us if they have collected > any data using NNSTAT. Merit does indeed use NNStat to track interesting things in the NSFnet backbone, but we do not currently gather statistics regarding the use of IP options.
pprindev@wellfleet.com (Philip Prindeville) (09/06/89)
> The current version of the NSC EN641 router code we have drops (not > ignores, DROPS) packets with IP Record Route. > Just to point out that even if your hosts do options, you might have > troubles if your gateways (or someone else's) don't. Source route, record > route, security compartment, etc. aren't very useful unless everyone you > want to talk to and everyone in between honor them. Version 5.10 is being prepared for release. It includes all the options (even MTU) except ESO/BSO. It should be available from NSC sometime in the next quarter. If you have arrangements for beta-testing with NSC, and you have an urgent need, this may be worth pursuing. -Philip
jpeck@hpspdra.HP.COM (Joe Peck) (09/06/89)
Thanks for all your responses. They confirmed my suspicions about how well options are handled by devices out there: some work, some don't, eventually the situation might improve. I'm just interested in traffic analysis, so you don't need to worry about me creating another IP implementation that doesn't handle options. I have the impression that the most commonly used IP options are the routing ones, Record Route, Loose Source Routing, and Strict Source Routing. Would anyone like to comment on this? Thanks again, Joe Peck
stev@VAX.FTP.COM (09/07/89)
look for the security options to show up more and more. "thats right, dont you dare look into this packet, its secure!" stev knowles stev@ftp.com "The only use I can see for IP security options is an Internet poker game." - William A. Brackenridg