[52736] in North American Network Operators' Group
Re: Broken PMTU (was: Who does source address validation? (was
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Wed Oct 9 18:56:15 2002
Date: Thu, 10 Oct 2002 00:55:24 +0200 (CEST)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.21.0210092252340.21704-100000@MrServer>
Errors-To: owner-nanog-outgoing@merit.edu

On Wed, 9 Oct 2002, Stephen J. Wilcox wrote:
> On a related issue (pMTU) I recently discovered that using a link with MTU <
> 1500 breaks a massive chunk of the net - specifically mail and webservers who
> block all inbound icmp.. the servers assume 1500, send out the packets with DF
> set, they hit the link generating an icmp frag, icmp is filtered and data
> stops. Culprits included several major ISP/Telcos ... I'd love to tell the
> customer the link is fine, it's the rest of the Internet at fault but in the end I
> just forced the DF bit clear as a temp workaround before finally swapping out to
> MTU 1500!

I'm not going to say what I think of these people in order to avoid
another semi-flame fest, but limit my comments to:

You can also get around this by making the first hop the one with the
lowest MTU. This is no fun for ethernet-connected stuff, but for dial-up
this is easy. Then this box will announce a smaller TCP MSS when the
connection is established and there aren't any problems.
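
A toy model of the failure and the two workarounds discussed in this thread, added here as an illustration and not part of either poster's message. The function names, the 40-byte header assumption and the sample path MTUs are constructed for the example.

```python
# Added illustration (not from the thread): one full-sized TCP segment sent
# from a server toward a client across a path that contains a small-MTU link.
IP_TCP_HEADERS = 40  # assumption: 20-byte IPv4 + 20-byte TCP header, no options


def announced_mss(interface_mtu):
    """MSS a host advertises in its SYN, derived from its own interface MTU."""
    return interface_mtu - IP_TCP_HEADERS


def server_send(path_mtus, client_mss, server_accepts_icmp, df=True):
    """Send one full-sized segment from server to client.

    path_mtus: link MTUs in order from the server to the client; the last
               entry is the client's own first hop.
    Returns (outcome, ip_packet_size).
    """
    # The server never sends more than the smaller of the two MSS values.
    size = min(announced_mss(path_mtus[0]), client_mss) + IP_TCP_HEADERS
    while True:
        # First link on the path that is too small for the packet, if any.
        bottleneck = next((m for m in path_mtus if m < size), None)
        if bottleneck is None:
            return ("delivered", size)
        if not df:
            # DF cleared: the router fragments instead of dropping.
            return ("delivered-fragmented", size)
        # DF set: the router drops the packet and returns ICMP
        # "fragmentation needed" carrying the MTU of the next hop.
        if not server_accepts_icmp:
            # The ICMP is filtered, so the server keeps retransmitting the
            # same size and the connection stalls.
            return ("black-hole", size)
        size = bottleneck  # path MTU discovery working as designed


if __name__ == "__main__":
    mid_path = [1500, 1400, 1500]   # constructed: small link in the middle
    first_hop = [1500, 1500, 1400]  # constructed: small link is client's own
    full = announced_mss(1500)
    print(server_send(mid_path, full, server_accepts_icmp=False))
    print(server_send(mid_path, full, server_accepts_icmp=True))
    print(server_send(mid_path, full, server_accepts_icmp=False, df=False))
    print(server_send(first_hop, announced_mss(1400), server_accepts_icmp=False))
```

The last case succeeds even with ICMP filtered because the client's advertised MSS already reflects the smallest link, so no packet ever needs the "fragmentation needed" signal.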