1. Home
  2. Cisco Systems
  3. IP Options - alert packets?

IP Options - alert packets?

Hi group, Got a question about the IP Options field. I've noticed that all our switches are reporting packets with a IP Options field set to alert, this even happens with systems in our remote offices.

Below is a show ip traffic from a random floor switch after several months of uptime. I stumbled upon the the alert packets yesterday when I logged in to make a change.

If anyone has any ideas on what could be causing this or where I should start looking it would be appreciated.

show ip traffic

Rcvd: 1538485 total, 1538199 local destination 0 format errors, 0 checksum errors, 0 bad hop count 0 unknown protocol, 0 not a gateway 0 security failures, 0 bad options, 13940798 with options Opts: 0 end, 0 nop, 0 basic security, 0 loose source route 0 timestamp, 0 extended security, 0 record route 0 stream ID, 0 strict source route, 13940798 alert, 0 cipso 0 other

Reply to
PurpleServerMonkey
Loading thread data ...

This is from RFC 2113:

3.0 Impact on Other Protocols

For this option to be effective, its use must be mandated in protocols that expect routers to perform significant processing on packets not directly addressed to them. Currently such protocols include RSVP [1] and IGMP [2].

4.0 Security Considerations

If the Router Alert option is not set and should be set, the behavior of the protocol using the Router Alert, e.g., RSVP or IGMPv2, will be adversely affected since the protocol relies on the use of the Router Alert option.

Reply to
SAto

Which probably means all of the router alert packets get process switched ( read CPU hit)

so it would be a good idea to determine if this volum of packets with router alert enabled is valid.

Reply to
Merv

Thanks guys,

This makes sense as we are running IGMP for multicast traffic that is valid on the network. We use Cisco 2950 switches as our floor switches and I have enabled IGMPv2 on them but I didn't expect the IP options field to be set.

Since we aren't using multicast for a lot of traffic I don't mind it being process switched, my main concern was seeing a large value for the IP Options field that I expected to be zero.

Merv wrote:

Reply to
PurpleServerMonkey

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.