Hi Keith,
On Sat, Oct 31, 2020 at 08:27:34PM -0600, Keith wrote:
I have scanned 3GPP documents for info on the GGSN IP network facing side, IIUC how the GGSN responds there is "out of scope"
I'd agree to that.
- I'm specifically wondering about sending ICMP host unreachable messages in
response to packets for IPs that are not currently active in the pool.
makes sense.
If so I would try to clean it up and submit to code review.
please do, thanks!
Also if in agreement, would it be worth making it switchable via a vty param? I am thinking of where one might not want the IP space to be probable, although I would assume that kind of thing is best left to the local firewall implementation.
I think the GGSN "function" should not implement firewall policy.
However, given that generating and discarding a potentially very large amount of ICMP host unreachable messages can consume a significant amount of resources, I guess a vty option might make sense.