[140582] in North American Network Operators' Group
Clearing DF bits...
daemon@ATHENA.MIT.EDU (Warren Kumari)
Fri May 13 20:02:51 2011
From: Warren Kumari <warren@kumari.net>
Date: Fri, 13 May 2011 20:02:46 -0400
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi there all,
Years ago it used to be a somewhat common practice to clear the DF bit =
on packets, either on all packets, or just on those that that you were =
going to shove through a tunnel (I think the netscreen command was =
something like "set vpn foo df-bit clear", cisco had something funky =
with policy routing IIRC,etc).
This was done both to deal with multiple encapsulations and for the folk =
that block all ICMP for "security reasons".
Is this practice still common / do you know of anyone still doing it?
W=
