Re: (PM) PM2ER/PM3 source address (fwd)

Dick St.Peters (stpeters@NetHeaven.com)
Sat, 31 Jan 1998 01:40:37 -0500

> >Problem: RADIUS and syslog packets from the PM2ER sent out the W1 port
> > have the ether0 address as their source address.
>
> Right. That is one of the core features of ALL of our products. Unit
> identity is defined by ether0. That is how it has always been, and a lot
> of ComOS is based on that. The unit is *defined* by ether0.

MZ, you couldn't be more wrong than on this issue.

The notion that a device's "identity" and IP address are somehow
wrapped up together is seriously flawed thinking. It was once an ok
idea for single-IP host devices, but it has always been a bogus
concept for routers capable of existing in more than one portion of
address space.

Witness the explicit OSPF distinction between OSPF router ID and IP
address. Both concepts are displayed in "show ospf neighbors". One
IP address does become the ID. However, only for interface(s) to
which it is assigned is it also the IP address. For the case of a
router used as CPE, it is acceptable that its OSPF ID be an IP address
in a customer's space for the very reason that it is not used as the
IP address in OSPF.

When a device originates a packet, the packet should have as its
source address the address of the interface the packet goes out on.
This is necessary for sane network management at the edges where
administrative realms change.

When a device responds to a packet, it should reply with a source
address equal to the destination interface address of the packet to
which it is responding.

> >PM3s do this too. Relatively unimportant things like pings from the
> >PMs get it right, with source address being that of the interface the
> >packet is sent out. Just the key admin things - things that most
>
> ICMP is the only protocol that uses the interface I believe,

You're mistaken; fortunately the PM gets lots of cases right:

On a PM, if you telnet out its WAN port, the source address is the WAN
port address. That's as it should be.

On a PM, if you rlogin out its WAN port, the source address is the WAN
port address, as it should be.

On a PM, if you ping out its WAN port, the source address is the WAN
port address, as it should be.

A PM uses the WAN port address as the source address when doing OSPF
interaction out the WAN port, as it should. I haven't checked, but
I'll bet it uses the WAN port address as the source address in RIP
packets too.

From outside, if you traceroute through a PM, entering via the WAN
port, the returned packet source address is the WAN port address, as
it should be.

From outside, if you ping the WAN port entering via either the WAN
port or the Ethernet port, the returned packet source address is the
WAN port address, as it should be.

Those are all correct behaviors, but not all is well. If from the
outside you telnet to the WAN port address, a PM responds with its
Ethernet address, breaking telnet. This is absolutely dead flat-out
wrong.

IP addresses do not identify devices, they identify interfaces.

--
Dick St.Peters, stpeters@NetHeaven.com 
Gatekeeper, NetHeaven, Saratoga Springs, NY, 1-800-910-6671 (voice)
Saratoga/Albany/Amsterdam/BlueMountain/Cobleskill/Greenwich/
GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
	  First Internet service based in the 518 area code
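
Added example, not part of the original message and not PortMaster code: a loopback reproduction of the reply-source rule discussed above, using UDP. It assumes a Linux host, where all of 127.0.0.0/8 is local to the loopback interface; the addresses and function names are constructed for the illustration, with 127.0.0.2 standing in for the address the request was sent to.

```python
import socket

SERVICE_ADDR = "127.0.0.2"  # constructed: the address the client sends to
CLIENT_ADDR = "127.0.0.1"   # constructed: the remote peer

def udp(bind_addr, timeout=0.5):
    """UDP socket bound to bind_addr on an ephemeral port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.bind((bind_addr, 0))
    return s

def reply_source(server_bind):
    """Source address the client sees on the reply from a server bound to server_bind."""
    with udp(server_bind) as srv, udp(CLIENT_ADDR) as cli:
        port = srv.getsockname()[1]
        cli.sendto(b"request", (SERVICE_ADDR, port))
        _, peer = srv.recvfrom(64)
        # Wildcard bind: the kernel picks the source from the route back to the peer.
        # Specific bind: the source is the address the request arrived on.
        srv.sendto(b"reply", peer)
        _, (src, _) = cli.recvfrom(64)
        return src

def strict_client_gets_reply(server_bind):
    """True if a client that accepts replies only from SERVICE_ADDR receives one."""
    with udp(server_bind) as srv, udp(CLIENT_ADDR) as cli:
        port = srv.getsockname()[1]
        # A connected UDP socket drops datagrams from any other source address,
        # the same matching a TCP client applies to segments of its connection.
        cli.connect((SERVICE_ADDR, port))
        cli.send(b"request")
        _, peer = srv.recvfrom(64)
        srv.sendto(b"reply", peer)
        try:
            cli.recvfrom(64)
            return True
        except socket.timeout:
            return False

if __name__ == "__main__":
    for bind in ("0.0.0.0", SERVICE_ADDR):
        print(f"server bound to {bind}: reply source {reply_source(bind)}, "
              f"strict client served: {strict_client_gets_reply(bind)}")
```

The same matching applies on a RADIUS or syslog server that identifies clients by source address: a packet sourced from an address other than the one configured for the client is attributed to the wrong device or rejected.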