RE: Problem of blocking ICMP packets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> "Since a non-trivial number of network elements discard well-known
> ICMP packets the results of our tests do not offer hope for protocol
> designers proposing to use new ICMP messages to signal various
> network path properties to end systems (e.g., for explicit corruption
> notification, handoff or outage notification, etc.)."

Yes, this is a very serious issue. Very often, a server that is
configured for a service will open exactly the port necessary for that
service, and drop all other traffic. For example, a web server will
accept TCP packets sent to ports 80 and 443, but it will either drop
everything else, or be located behind a firewall that drops everything
else. 

This restriction affects the way we design protocol extensions. I see
that as an argument for "in-band" signaling, e.g. parameters in TCP
packets or in IP headers of TCP packets, by opposition to "out of band",
e.g. ICMP messages. 

-- Christian Huitema

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]