[65655] in North American Network Operators' Group


RE: MTU path discovery and IPSec

daemon@ATHENA.MIT.EDU (Arjan Hulsebos)
Thu Dec 4 13:19:37 2003

From: Arjan Hulsebos <ahulsebos@corp.home.nl>
To: "'Valdis.Kletnieks@vt.edu'" <Valdis.Kletnieks@vt.edu>,
	"'jgraun@comcast.net'" <jgraun@comcast.net>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Thu, 4 Dec 2003 19:18:45 +0100 
Errors-To: owner-nanog-outgoing@merit.edu


> On Wed, 03 Dec 2003 16:05:39 GMT, jgraun@comcast.net  said:
> 
> > 1) I assume MTU path discovery has to be enabled on each router in the path in order for it to work correctly?!
> 
> Actually, no.  All that's required is that:

You also need an OS that does not set the DF-bit on every packet it sends
out. IIRC, out-of-the-box Solaris 8 is excellent at doing that. No matter
how many ICMP messages it gets, it happily ignores them by insisting on
sending out frames of 1500 bytes with the DF-bit set. Makes trouble-shooting
IPSec connections, uhm.... interesting.

Cheers,

Arjan H




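Added example, not part of the original message: a small Python check that finds the behaviour described above in a packet capture, i.e. a sender that keeps emitting oversized DF-marked packets after an ICMP "fragmentation needed" (type 3, code 4) message has told it the path MTU. The addresses, the ESP payloads and the function names are constructed for illustration.

```python
import struct
from collections import defaultdict

HOST, GOOD = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 11])       # constructed senders
PEER, ROUTER = bytes([198, 51, 100, 20]), bytes([203, 0, 113, 1])  # constructed peer, router

def ipv4(src, dst, proto, payload, df=True, pad_to=None):
    """Build a constructed IPv4 packet (checksum left 0; parsing does not need it)."""
    body = payload + b"\x00" * max(0, (pad_to or 0) - 20 - len(payload))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0,
                       0x4000 if df else 0, 64, proto, 0, src, dst) + body

def frag_needed(router, quoted, mtu):
    """ICMP type 3 code 4 (RFC 1191): next-hop MTU in bytes 6-7, then quoted IP header + 8 bytes."""
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted[:28]
    return ipv4(router, quoted[12:16], 1, icmp, df=False)

def parse(pkt):
    _, _, total, _, frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return total, bool(frag & 0x4000), proto, src, dst

def stuck_senders(packets, threshold=3):
    """Return {(src, dst): n} for flows that sent n >= threshold oversized DF packets after being told the MTU."""
    learned, ignored = {}, defaultdict(int)
    for pkt in packets:
        total, df, proto, src, dst = parse(pkt)
        ihl = (pkt[0] & 0x0F) * 4
        if proto == 1 and pkt[ihl] == 3 and pkt[ihl + 1] == 4:
            mtu = struct.unpack("!H", pkt[ihl + 6:ihl + 8])[0]
            q = pkt[ihl + 8:]                      # quoted original header
            learned[(q[12:16], q[16:20])] = mtu    # keyed by original src, dst
        elif df and (src, dst) in learned and total > learned[(src, dst)]:
            ignored[(src, dst)] += 1
    return {k: n for k, n in ignored.items() if n >= threshold}

def sample_capture():
    big = ipv4(HOST, PEER, 50, b"", pad_to=1500)        # ESP, 1500 bytes, DF set
    ok_big = ipv4(GOOD, PEER, 50, b"", pad_to=1500)
    ok_small = ipv4(GOOD, PEER, 50, b"", pad_to=1400)   # sender that lowered its size
    return [big, frag_needed(ROUTER, big, 1400), big, big, big,
            ok_big, frag_needed(ROUTER, ok_big, 1400), ok_small, ok_small]

if __name__ == "__main__":
    print(stuck_senders(sample_capture()))
```

Run against a real capture, the same logic needs the packets in arrival order at a point that sees both the outbound traffic and the returning ICMP errors.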
