
Re: How to find initiating host address?



Harald Tveit Alvestrand writes:
> Strengthens my point made repeatedly over the last 5 years that there needs 
> to be some way applications can make even a half-hearted guess at network 
> metrics - if there isn't an architecturally clean way, people will find 
> other ways.

I've been thinking about this for a while as well.  Cisco's
DistributedDirector product has this same problem.  Since pings
almost never make it through the firewall, a lot of people try to use
a traceroute method, hoping to at least get an RTT to the last system
along the path which will respond.  This takes a LOT longer than a
ping, however, and also results in a LOT more traffic on the net.

My simple-minded, first-cut proposal would be either an option to the
ICMP echo, or another type of ICMP echo which, basically, says, "if
you're planning on dropping this packet, please do me the service of
sending me a reply from yourself".  This means you could send
this new type of ping packet toward your destination and if a firewall 
decided to drop it, they would (hopefully) send you back a response
saying, "I've dropped your packet, but here's my reply instead".  Now
you have exactly the same information you have gotten from the
traceroute, much faster than traceroute and without all of the network 
traffic.

Yes, I know it would take years to get this standardized and implemented
enough to be useful, but if we don't start the process soon, it'll
take longer.

Yes, I know this doesn't give you the RTT to your destination, but I
submit that firewall people will *never* give you that information
anyway (for security reasons), and this is the best you're going to
get, so you may as well get it quickly and easily.

I'll shut up now.  :-)

/raj