[107035] in North American Network Operators' Group


Re: IP Fragmentation

daemon@ATHENA.MIT.EDU (Colin Alston)
Wed Aug 20 14:57:43 2008

Date: Wed, 20 Aug 2008 20:57:21 +0200
From: Colin Alston <karnaugh@karnaugh.za.net>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <20580.1219255453@turing-police.cc.vt.edu>
X-MailScanner-From: karnaugh@karnaugh.za.net
Cc: OPS Gurus <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org

On 2008/08/20 08:04 PM Valdis.Kletnieks@vt.edu wrote:
> On Wed, 20 Aug 2008 21:43:44 +0530, Glen Kent said:
>> Do transit routers in the wild actually get to do IP fragmentation
>> these days? I was wondering if routers actually do it or not, because
>> the source usually discovers the path MTU and sends its data with the
>> least supported MTU. Is this true?
> 
> Hypothetically true.  Unfortunately, enough places do bozo firewalling and drop
> the ICMP Frag Needed packets to severely limit the utility of PMTU Discovery.
> 

Well obviously, ICMP is only used by hackers to DDoS you. Everyone 
knows that, especially all the banks. It's even more important to 
obliterate PMTU discovery when you're using HTTPS - for security, you 
know.

Sorry, I spent the better part of today bashing my head against the 
wall trying to fix MSS and PMTU issues somewhere which was being 
aggravated by the tragic programming of Linux l2tpns package...

