[52740] in North American Network Operators' Group


Re: Who does source address validation? (was Re: what's that smell?)

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Oct 10 01:06:55 2002

To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Wed, 09 Oct 2002 23:05:59 BST."
             <Pine.LNX.4.21.0210092252340.21704-100000@MrServer> 
From: Valdis.Kletnieks@vt.edu
Date: Thu, 10 Oct 2002 01:06:15 -0400
Errors-To: owner-nanog-outgoing@merit.edu



On Wed, 09 Oct 2002 23:05:59 BST, "Stephen J. Wilcox" said:

> On a related issue (pMTU) I recently discovered that using a link with MTU <
> 1500 breaks a massive chunk of the net - specifically mail and webservers who
> block all inbound icmp.. the servers assume 1500, send out the packets with DF

My personal pet peeve is the opposite - we'll try to use pMTU, some provider
along the way sees fit to run it through a tunnel, so the MTU there is 1460
instead of 1500 - and the chuckleheads number the tunnel endpoints out of
1918 space - so the 'ICMP Frag Needed' gets tossed at our border routers,
because we do both ingress and egress filtering.  It's bad enough when all
the interfaces on the offending unit are 1918-space, but it's really annoying
when the critter has perfectly good non-1918 addresses it could use as
the source... Argh...
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
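
Added example, not part of the original message: a Python sketch of the failure described above, in which a border filter that drops RFC 1918 sources also discards the 'ICMP Frag Needed' a tunnel endpoint sends, so the sender never learns the 1460-byte MTU. The packets are constructed samples using documentation addresses, and the function names are assumptions made for this illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header with DF set; checksum left at 0 because only parsing is shown.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

def frag_needed(router, mtu, flow_src, flow_dst):
    # ICMP type 3 code 4 (RFC 1191): unused(2), next-hop MTU(2), then the original header + 8 bytes.
    quoted = ipv4_header(flow_src, flow_dst, 6, 1480) + b"\x00" * 8
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted
    return ipv4_header(router, flow_src, 1, len(icmp)) + icmp

def inspect(packet):
    """Return what a border filter that drops RFC 1918 sources does to this packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    private = any(src in net for net in RFC1918)
    result = {"src": str(src), "dropped": private, "pmtu_signal": False}
    if proto == 1 and packet[ihl:ihl + 2] == b"\x03\x04":
        mtu = struct.unpack("!H", packet[ihl + 6:ihl + 8])[0]
        quoted = packet[ihl + 8:]
        result.update(pmtu_signal=True, next_hop_mtu=mtu,
                      flow=(str(ipaddress.ip_address(quoted[12:16])),
                            str(ipaddress.ip_address(quoted[16:20]))))
    # A dropped Frag Needed means the sender keeps sending full-size DF packets.
    result["black_hole"] = result["dropped"] and result["pmtu_signal"]
    return result

# Constructed samples: the same tunnel hop numbered from 1918 space, then from a public address.
SAMPLES = [frag_needed("10.255.0.1", 1460, "192.0.2.10", "198.51.100.25"),
           frag_needed("203.0.113.1", 1460, "192.0.2.10", "198.51.100.25")]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(inspect(pkt))
```

Counting the `black_hole` cases at the border, and reading the quoted flow in each, shows which local senders are affected and which upstream hop is sourcing from 1918 space.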


