[104349] in North American Network Operators' Group
Re: [NANOG] Microsoft.com PMTUD black hole?
daemon@ATHENA.MIT.EDU (Nathan Anderson/FSR)
Wed May 7 17:08:26 2008
Date: Wed, 07 May 2008 14:08:22 -0700
From: Nathan Anderson/FSR <nathana@fsr.com>
To: nanog@merit.edu
In-Reply-To: <70D072392E56884193E3D2DE09C097A9F137@pascal.zaphodb.org>
Errors-To: nanog-bounces@nanog.org

Tomas L. Byrnes wrote:

> The remedy you have below is NOT the only one, and is, in fact, a
> non-sequitur in this case.

How so? Iljitsch is suggesting that ICMP blockers originate packets
without DF set if they are going to block the ICMP messages that PMTUD
needs in order to work in the first place. That's what (I think) he
means by "disabling path MTU discovery."

> The network-level solution to ping of death is to BLOCK fragmented
> packets, and the way to ensure this doesn't self-deny-service is to
> perform PMTUD and Black-Hole Router discovery.

Which end are you talking about here, the servers or the client? If the
servers, how do you expect them to do PMTUD if they _can't hear the ICMP
messages_?

Also, for some reason, as I pointed out before, XP black hole router
discovery doesn't seem to be working for me for whatever reason. Does
anybody have any clue why that might be the case?

--
Nathan Anderson
First Step Internet, LLC
nathana@fsr.com