[65601] in North American Network Operators' Group
Re: MTU path discovery and IPSec
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Dec 3 11:46:23 2003
Date: Wed, 03 Dec 2003 08:37:40 -0800
From: Owen DeLong <owen@delong.com>
To: "Steven M. Bellovin" <smb@research.att.com>, jgraun@comcast.net
Cc: nanog@merit.edu
In-Reply-To: <20031203161920.986787B43@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
--==========02AA31FD0D8957BD6400==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
A subtle correction...
A router where all MTUs are the same will never have to fragement
anything. A router where all MTUs are >=3D1500 will probably not
need to fragment anything. However, it is possible to attach
a host via GIG-E or other media which supports jumbo frames
(Frame relay, for example) and need to fragment to support a
1500 octet MTU. Currently, this would be a rare occurrence, but,
it is possible in some circumstances. Eventually, if this assumption
were to circulate widely, it could have similar consequences to many
other errant assumptions on the internet.
Owen
--On Wednesday, December 3, 2003 11:19 AM -0500 "Steven M. Bellovin"=20
<smb@research.att.com> wrote:
>
> In message <120320031605.8838.1dea@comcast.net>, jgraun@comcast.net
> writes:
>>
>> Two questions:
>>
>> 1) I assume MTU path discovery has to been in enabled on each router in
>> the pa th in order for it work correctly?!
>
> No -- it only has to be enabled on routers with smaller outbound MTUs
> than inbound. A router for which all links have a 1500-byte MTU
> doesn't need path MTU discovery; it will never need to fragment
> anything.
>
> --Steve Bellovin, http://www.research.att.com/~smb
>
>
--=20
If it wasn't crypto-signed, it probably didn't come from me.
--==========02AA31FD0D8957BD6400==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)
iD8DBQE/zhFYn5zKWQ/iqj0RAhITAJ0UX8CFCOwN3lOQ+S5t26mNhIn/pACeMXhy
jEH+X31loiUNRKNuj926cNk=
=NPjU
-----END PGP SIGNATURE-----
--==========02AA31FD0D8957BD6400==========--
