[58382] in North American Network Operators' Group
Re: PMTU and Broken Servers
daemon@ATHENA.MIT.EDU (bdragon@gweep.net)
Sat May 10 19:18:54 2003
To: bicknell@ufp.org (Leo Bicknell)
Date: Sat, 10 May 2003 19:17:49 -0400 (EDT)
Cc: nanog@merit.edu
In-Reply-To: <20030508142948.GA91660@ussenterprise.ufp.org> from "Leo Bicknell" at May 08, 2003 10:29:48 AM
From: <bdragon@gweep.net>
Errors-To: owner-nanog-outgoing@merit.edu
> This is a new problem to me, but I'm sure people have run into it
> before. Are the servers really that broken (PMTU enabled, ICMP
> Can't Fragment filtered)? Does the head end box of DSL services
> generally do something to work around this (ie, clear the DF bit)?
> Am I just being an idiot and missing something obvious?
This is fairly common, since PMTU-D is generally enabled by default, and
for better or worse, many folks filter all ICMP, despite the bad effects
that can lead to.
I've had arguments with customers about their having a broken config, but
their unwillingness to believe it because "they haven't changed anything".
The only real workaround is to have a minimum MTU of 1500 across your network
including all encapsulation.
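
The failure mode discussed in this thread, as an added example that is not part of the original message: a small model of a PMTU-D sender behind a filter that drops all ICMP. The hop MTUs (including the 1492-byte hop standing in for a DSL link), the `Path` class and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Path:
    hop_mtus: list       # MTU of each link, server -> client (constructed values)
    icmp_filtered: bool  # True: a filter in front of the server drops all ICMP

def forward(path, packet_len):
    """Send one packet with DF set. Return None if it is delivered, else the
    MTU of the hop that dropped it (the value an ICMP type 3 code 4
    'fragmentation needed' error would carry back to the sender)."""
    for mtu in path.hop_mtus:
        if packet_len > mtu:
            return mtu
    return None

def send_with_pmtud(path, packet_len, retries=4):
    """Model a PMTU-D sender: it lowers its packet size only when the ICMP
    error actually reaches it. Returns (delivered, size_of_last_packet)."""
    size = packet_len
    for _ in range(retries):
        blocking_mtu = forward(path, size)
        if blocking_mtu is None:
            return True, size
        if not path.icmp_filtered:
            size = blocking_mtu  # error received: re-segment to the reported MTU
        # otherwise the error is lost and the same oversized packet is resent
    return False, size

if __name__ == "__main__":
    dsl_hops = [1500, 1492, 1500]   # constructed: one reduced-MTU hop
    cases = [
        ("ICMP filtered, small packet", Path(dsl_hops, True), 60),
        ("ICMP filtered, full-size packet", Path(dsl_hops, True), 1500),
        ("ICMP allowed, full-size packet", Path(dsl_hops, False), 1500),
        ("ICMP filtered, 1500 everywhere", Path([1500] * 3, True), 1500),
    ]
    for label, path, length in cases:
        ok, size = send_with_pmtud(path, length)
        print(f"{label}: delivered={ok} last_size={size}")
```

Small packets get through in every case, which is why the connection sets up normally and only bulk data stalls; the last case is the 1500-byte-minimum workaround named above.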