Re: RIP & DDR

From: rjonathan@hotpop.com
Date: Tue Oct 15 2002 - 22:59:39 GMT-3


Hi Frank and Seadon,

I've done a quick search on RIP RFC 1058 regarding the
validate-update-source.

Below are my findings from the RFC regarding the source validation.

"Because processing of a response may update the host's routing table,
 the response must be checked carefully for validity. The response
 must be ignored if it is not from port 520. The IP source address
 should be checked to see whether the datagram is from a valid
 neighbor. The source of the datagram must be on a directly-connected
 network. It is also worth checking to see whether the response is
 from one of the host's own addresses. Interfaces on broadcast
 networks may receive copies of their own broadcasts immediately. If
 a host processes its own output as new input, confusion is likely,
 and such datagrams must be ignored (except as discussed in the next
 paragraph)."

Based on the above, when you configured DDR (either legacy or w/ dialer
profiles) the dialer interfaces of both ends are usually in the same subnet,
right (unless, of course, using ip unnumbered or wrong configuration)?
One end will see the other end as a directly connected network and I think
it should pass the validation rule above.

So I still don't understand why CCO Doc required you to turn off
validate-update-source? And when I lab it the DDR and RIP seemed to work well
without turning off validate-update-source.

Anyone got any idea ??

Thanks.
Ronny

Original Message:
-----------------
From: seadon seadon@attbi.com
Date: Tue, 15 Oct 2002 13:19:09 -0700
To: rjonathan@hotpop.com, ccielab@groupstudy.com
Subject: Re: RIP & DDR

    Disable validation of source addresses refers to "no
validate-update-source" documented further down on the same link's page. It
disables validating the source address for rip and other routing (not routed
as stated) protocols. Probably has to do with the source address seen
during spoofing or something like that for DDR links. At least that's what
my research came up with.
    Don
----- Original Message -----
From: <rjonathan@hotpop.com>
To: <ccielab@groupstudy.com>
Sent: Monday, October 14, 2002 7:05 PM
Subject: RIP & DDR

> Dear Group,
>
> In the CCO,
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dialts_c/dtsprt5/dcdhwddr.htm#xtocid2946516
>
> It stated that, when you configured DDR, at minimum we "must"
> disable validation of source address.
>
> What is the mechanism of validating source-ip address ?
> Is it done by validating the reachability of the source ip address ?
> Or is it done by comparing the source ip address with the subnet where the
> routing updates come from ?
> Or maybe by other methods?
>
> And why should we disable validation of source address when configuring
> DDR?
>
> I'm a bit confused and can't find detailed explanation on this thing.
>
> Appreciate if anyone can shed some light or point me to good resource.
>
> Thanks in advance.
>
> Regards,
> Ronny
>
> --------------------------------------------------------------------
> mail2web - Check your email from the web at
> http://mail2web.com/ .

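The RFC 1058 source checks quoted in this thread, written out as an added Python example; it is not part of the original messages and not Cisco's implementation of validate-update-source. The function name, interface lists and all addresses are constructed, and modelling ip unnumbered as a dialer with no subnet of its own is an assumption.

```python
import ipaddress

RIP_PORT = 520  # RFC 1058: a response not from port 520 must be ignored


def validate_rip_response(src_ip, src_port, local_interfaces):
    """Apply the RFC 1058 source checks to one received RIP response.

    local_interfaces: strings such as "10.1.1.1/30", one per local interface
    (hypothetical representation). Returns (accepted, reason).
    """
    src = ipaddress.ip_address(src_ip)
    ifaces = [ipaddress.ip_interface(i) for i in local_interfaces]
    if src_port != RIP_PORT:
        return False, "source port is not 520"
    # A broadcast interface can hear its own update; that must be ignored.
    if any(src == i.ip for i in ifaces):
        return False, "datagram is from one of our own addresses"
    # The sender has to sit inside a subnet configured on a local interface.
    if not any(src in i.network for i in ifaces):
        return False, "source is not on a directly-connected network"
    return True, "valid neighbor"


# Constructed sample data, not taken from the thread.
# Numbered dialer: both ends share 10.1.1.0/30, plus a LAN interface.
NUMBERED = ["10.1.1.1/30", "172.16.1.1/24"]
# Assumed ip unnumbered model: the dialer borrows the LAN address, so the
# only connected subnet is the LAN and the peer's address lies outside it.
UNNUMBERED = ["172.16.1.1/24"]

if __name__ == "__main__":
    cases = [
        ("10.1.1.2", 520, NUMBERED),      # peer on the shared /30
        ("10.1.1.2", 1024, NUMBERED),     # wrong source port
        ("10.1.1.1", 520, NUMBERED),      # our own update heard back
        ("172.17.1.1", 520, UNNUMBERED),  # unnumbered peer, foreign subnet
    ]
    for ip, port, ifaces in cases:
        print(ip, port, validate_rip_response(ip, port, ifaces))
```

Under these assumptions the numbered dialer passes the check, while the unnumbered peer is rejected because its source address is not in any locally connected subnet.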



This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:47 GMT-3