I'm confused by something in "A Practical Guide to (Correctly) Troubleshooting with Traceroute", which is referenced from the article.
Slide 8 titled "Traceroute – What Hops Are You Seeing?" says:
> By convention, the ICMP is sourced from the ingress interface.
(I assume the author means "the source address of the ICMP message is the address of the ingress interface")
> Random factoid: This behavior is actually non-standard. RFC1812 says the ICMP source MUST be from the egress interface. If obeyed, this would prevent traceroute from working properly.
(I assume by "ICMP source" the author means "the source address of the ICMP message" because I don't see what else it can mean).
To clarify: from the text before that, and the drawing on the slide, the egress interface the author talks about is the egress interface the original message would have taken had its TTL not expired.
Now, I had a look at RFC 1812 (Requirements for IP Version 4 Routers) and I don't see where it says what that slide claims. The closest I can find is section 4.3.2.3 Original Message Header (https://www.rfc-editor.org/rfc/rfc1812#section-4.3.2.3) which says:
> Except where this document specifies otherwise, the IP source address in an ICMP message originated by the router MUST be one of the IP addresses associated with the physical interface over which the ICMP message is transmitted. If the interface has no IP addresses associated with it, the router's router-id (see Section [5.2.5]) is used instead.
To me that reads completely differently from the claim on that slide (and also looks like what I would have expected).
The author of the presentation seems more knowledgeable about networking details than I am, so it's very well possible that he's right and I'm misunderstanding something. Can anyone shed some light on that?
References:
2016 version of the presentation as linked from the article: https://www.slideshare.net/slideshow/a-practical-guide-to-co...
Updated 2020 version as helpfully linked by 1xdevnet in comment https://news.ycombinator.com/item?id=42056734: https://storage.googleapis.com/site-media-prod/meetings/NANO...
RFC 1812: https://www.rfc-editor.org/rfc/rfc1812
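
Added example, not part of the comment above or of the presentation: a toy Python model of the three source-address rules under discussion (the ingress interface, the egress interface the original packet would have taken, and the interface the ICMP message is transmitted on, per the RFC text quoted). The router, addresses, routes and all names are constructed for illustration.

```python
import ipaddress

class Router:
    """Toy router: interface addresses plus a static route table (constructed)."""
    def __init__(self, interfaces, routes):
        self.interfaces = {n: ipaddress.ip_address(a) for n, a in interfaces.items()}
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

    def lookup(self, dst):
        """Longest-prefix match; returns the name of the outgoing interface."""
        dst = ipaddress.ip_address(dst)
        matches = [(net.prefixlen, ifc) for net, ifc in self.routes if dst in net]
        if not matches:
            raise LookupError(f"no route to {dst}")
        return max(matches)[1]

    def icmp_source_candidates(self, pkt_src, pkt_dst, ingress):
        """Source address of the Time Exceeded message under each reading.
        The router-id fallback for unnumbered interfaces is not modelled."""
        return {
            # Slide: "by convention" behaviour.
            "ingress": str(self.interfaces[ingress]),
            # Slide: what it says RFC 1812 requires.
            "original_egress": str(self.interfaces[self.lookup(pkt_dst)]),
            # Quoted RFC text: interface the ICMP message itself leaves on,
            # i.e. the route back toward the original sender.
            "icmp_tx": str(self.interfaces[self.lookup(pkt_src)]),
        }

IFACES = {"eth0": "192.0.2.1", "eth1": "198.51.100.1", "eth2": "203.0.113.1"}
PROBER, TARGET = "10.0.0.5", "10.9.0.7"  # constructed endpoints

def symmetric():
    # Return path to the prober uses the same interface the probe arrived on.
    r = Router(IFACES, [("10.0.0.0/24", "eth0"), ("10.9.0.0/24", "eth1")])
    return r.icmp_source_candidates(PROBER, TARGET, ingress="eth0")

def asymmetric():
    # Return path to the prober leaves via a different interface (eth2).
    r = Router(IFACES, [("10.0.0.0/24", "eth2"), ("10.9.0.0/24", "eth1")])
    return r.icmp_source_candidates(PROBER, TARGET, ingress="eth0")

if __name__ == "__main__":
    for name, result in (("symmetric", symmetric()), ("asymmetric", asymmetric())):
        print(name, result)
```

In this model the "ingress" and "icmp_tx" readings give the same address when routing is symmetric and diverge only when the return path leaves through another interface; the "original_egress" reading differs from both in either case.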