RE: Smallest Transit MTU
daemon@ATHENA.MIT.EDU (David Schwartz)
Thu Dec 30 20:43:21 2004
From: "David Schwartz" <davids@webmaster.com>
To: <nanog@merit.edu>
Date: Thu, 30 Dec 2004 17:42:44 -0800
In-Reply-To: <20041230104137.41a3b7f5@dsl017-022-068.chi1.dsl.speakeasy.net>
Reply-To: davids@webmaster.com
> It's not just that ECN isn't supported that is the problem, it's when
> systems by default reject packets with reserved bits set. While you
> may pan ECN, it or something else that might enhance Internet protocols
> like it in the future should typically be silently ignored by end hosts
> that don't understand them so those experiments can at least take place.
>
> John
I, for one, do not agree. End hosts and firewalls *should* reject all
traffic they don't understand. It's precisely to prevent our unintentional
participation (as end hosts) in such 'experiments' that we deploy such
filters. The problem is when the policies are not maintained (or are
deployed in inappropriate places like transit networks), not that they exist
in the first place.
IMO, it's negligent to configure a firewall to pass traffic whose meaning
is not known. Of course, it's also negligent to leave a firewall configured
to block traffic whose meaning is known and is known to be desirable and
harmless.
DS
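The disagreement above is about what a filter does with the TCP header bits that ECN redefined (CWR and ECE were "reserved" before RFC 3168) and the two ECN bits in the IP TOS byte. The following is an added example, not code from the thread: it parses a constructed IPv4+TCP header pair and applies the "reject what you don't understand" policy once with and once without ECN knowledge, so the reader can see which packets a stale filter drops. Packet addresses and ports are made-up sample values.

```python
import struct

# ECN codepoint lives in the low two bits of the IPv4 TOS byte (RFC 3168).
ECN_NOT_ECT = 0
# In the 16-bit TCP data-offset/flags word, CWR (0x0080) and ECE (0x0040)
# were "reserved" before RFC 3168; the three bits above NS (0x0E00) are
# still reserved today and no production filter should understand them.
TCP_SYN, TCP_ECE, TCP_CWR = 0x0002, 0x0040, 0x0080
TCP_STILL_RESERVED = 0x0E00


def build_packet(tos: int, tcp_flags: int) -> bytes:
    """Constructed IPv4 + TCP header pair (no payload, zero checksums)."""
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, tos, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack('!HHIIHHHH', 40000, 80, 1, 0,
                      (5 << 12) | tcp_flags, 65535, 0, 0)
    return ip + tcp


def parse_ecn_bits(pkt: bytes) -> dict:
    """Extract the header bits the filter has to make a decision about."""
    if pkt[0] >> 4 != 4:
        raise ValueError('not IPv4')
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:
        raise ValueError('not TCP')
    off_flags = struct.unpack('!H', pkt[ihl + 12:ihl + 14])[0]
    return {
        'ecn': pkt[1] & 0x03,
        'ece': bool(off_flags & TCP_ECE),
        'cwr': bool(off_flags & TCP_CWR),
        'reserved': off_flags & TCP_STILL_RESERVED,
    }


def verdict(pkt: bytes, understands_ecn: bool) -> str:
    """'Pass only what is understood' policy, as argued for in the reply.

    A filter whose policy was never updated (understands_ecn=False) treats
    the ECN SYN handshake as unknown bits and drops it; an updated filter
    passes ECN but still drops the bits that remain reserved.
    """
    f = parse_ecn_bits(pkt)
    unknown = f['reserved'] != 0
    if not understands_ecn:
        unknown = unknown or f['ece'] or f['cwr'] or f['ecn'] != ECN_NOT_ECT
    return 'DROP' if unknown else 'PASS'
```

An ECN-setup SYN (SYN+ECE+CWR) is the packet that distinguishes the two policies; a plain SYN passes both and a packet with a still-reserved bit set is dropped by both.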