Re: IPIP Tunnelling.

Daniel G. Linder (dlinder@zeus.webcentric.net)
Thu, 14 Aug 1997 14:26:09 -0400 (EDT)


kuznet@ms2.inr.ac.ru said:
> I'd not believe rfc2003 very much. Seems, this document is pretty
> raw. F.e. ttl handling proposed there contradicts the robustness
> principle: it proposes to allow to set it to preconfigured value.
> Well, I did it... It was the only case in my practice when I managed
> to kill Cisco :-). When tunnels loop it looks like Big Bang.

David Woodhouse <D.W.Woodhouse@nortel.co.uk> wrote:
> Hmmm. Setting the ttl to the same as in the encapsulated packet kills
> traceroute a bit. Why can't we just refuse to IP-encapsulate any packets which
> are already IP-encapsulated?
> Slightly more reasonably, we could have the tunnel driver go through the IPIP
> headers one by one until it reaches the real IP packet in the middle, and
> refuse to package it if it has ever been sent out by this tunnel device.

A multiple-encapsulated IP packet could be found if an ISP is using
a Linux box as a router on a Virtual Private Network (VPN) and one of
their users is using that ISP to set up their own VPN... Granted, this is
a small case but could easily come up.

How much overhead are we going to add if we have the system look at each
packet to determine if it is an encapsulated packet, disassemble it, and
recursively go into that packet's data to see where it's going???

Dan

--
Daniel Linder W:(402) 393-3997 C:(402) 490-1673 P:(402) 579-1615
National / TechTeam WebCentric
www.webcentric.net / www.techteam.com
'69 Corvette  /  '95 Grand Prix GTP
Ask me about Crutchfield's *great* return policy!
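
The header walk proposed in the quoted reply, and whose cost the message above asks about, sketched as an added example; it is not code from this thread or from the Linux tunnel driver. The function names, result codes, the `MAX_NEST` cap and the sample addresses are assumptions made for illustration, and the packets are constructed test data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_IPIP 4   /* IP protocol number for IPv4-in-IPv4 */
#define MAX_NEST   8   /* assumed cap on how many IPIP layers we walk */
enum { ENCAP_OK = 0, ENCAP_LOOP = -1, ENCAP_TOO_DEEP = -2, ENCAP_MALFORMED = -3 };

/* Walk nested IPv4 headers in pkt[0..len). Returns ENCAP_LOOP if any IPIP
 * outer header already has tunnel_src as its source address, meaning this
 * tunnel endpoint encapsulated the packet before. *depth = layers walked. */
int ipip_check_loop(const uint8_t *pkt, size_t len,
                    const uint8_t tunnel_src[4], int *depth)
{
    size_t off = 0;
    *depth = 0;
    for (;;) {
        if (len - off < 20) return ENCAP_MALFORMED;
        const uint8_t *h = pkt + off;
        size_t ihl = (size_t)(h[0] & 0x0f) * 4;       /* header length */
        if ((h[0] >> 4) != 4 || ihl < 20 || ihl > len - off)
            return ENCAP_MALFORMED;
        if (h[9] != PROTO_IPIP) return ENCAP_OK;      /* innermost packet */
        if (memcmp(h + 12, tunnel_src, 4) == 0) return ENCAP_LOOP;
        /* Non-first fragment: the payload does not start with a header. */
        if ((((h[6] & 0x1f) << 8) | h[7]) != 0) return ENCAP_OK;
        if (++*depth > MAX_NEST) return ENCAP_TOO_DEEP;
        off += ihl;
    }
}

/* Write a minimal 20-byte IPv4 header (constructed data, checksum left 0). */
void put_hdr(uint8_t *h, uint8_t proto, const uint8_t src[4])
{
    memset(h, 0, 20);
    h[0] = 0x45; h[8] = 64; h[9] = proto;
    memcpy(h + 12, src, 4);
}

int main(void)
{
    const uint8_t me[4] = {192, 0, 2, 1}, user[4] = {198, 51, 100, 7};
    uint8_t pkt[60];
    int depth, r;
    put_hdr(pkt, PROTO_IPIP, user);     /* customer's own VPN layer   */
    put_hdr(pkt + 20, PROTO_IPIP, me);  /* layer this tunnel added    */
    put_hdr(pkt + 40, 17, user);        /* inner UDP packet           */
    r = ipip_check_loop(pkt, sizeof pkt, me, &depth);
    printf("result=%d depth=%d\n", r, depth);
    return 0;
}
```

The per-packet cost is one 20-byte bounds check and a 4-byte compare per layer, and a packet that is only nested inside someone else's tunnel (the ISP case above) passes with `ENCAP_OK`.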