From: grahn+nntp@snipabacken.se   
      
   On 03 Jun 2009 16:28:16 GMT, Casper H.S Dik wrote:   
   > David Schwartz writes:   
   >   
   >>I can't figure out what you're talking about. What does "enable PMTU   
   >>on our end-points" mean? You mean enable PMTU detection? If the   
   >>endpoints do PMTU detection, it doesn't matter what the middle does.   
   >>The endpoints will figure out the largest packet that arrives   
   >>unfragmented.   
   >   
   > No, it requires that packets which are too big and which have DF set:
   > will be dropped
   > an ICMP message will be sent.
   > and the ICMP packet will make it to the sender   
   >   
   > In order for the link to support PMTU, all parts in the link must   
   > follow the RFCs, including the endpoint and firewalls which may   
   > drop all ICMP messages.   
      
   And then the question is, is this situation so common that you have to   
   care about it?   
      
   A network where something firewalls away important, low-rate ICMP   
   messages is, to me, not a real IP network. And yet it seemed to me   
   when I googled recently that many people distrust PMTU. As in "oh,   
   that will never work. Let's implement this ugly kludge instead to   
   solve our fragmentation issues".   
      
   I remember when the first Linux kernel shipped with PMTU discovery   
   enabled by default. Some people had problems, and it turned out they   
   had a hop which was broken in one of the ways you describe above.   
      
   That was many years back (in 2000 or so?), and people laughed at the   
   vendors with broken routers *then*. Surely they would have fixed those   
   bugs by now?   
      
   /Jorgen   
      
   --   
    // Jorgen Grahn R'lyeh wgah'nagl fhtagn!   
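
The ICMP message the quoted reply depends on is Destination Unreachable, code 4 ("fragmentation needed and DF set"), which carries the next-hop MTU as defined in RFC 1191. The parser below is an added example, not part of the original post; the sample packet, its addresses (documentation ranges) and the function names are constructed for illustration.

```python
import struct

ICMP_DEST_UNREACH = 3
ICMP_FRAG_NEEDED = 4      # "fragmentation needed and DF set" (RFC 1191)
IP_DF = 0x4000            # Don't Fragment bit in the flags/fragment-offset field


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_frag_needed(icmp: bytes):
    """Return (next_hop_mtu, original_dst, df_was_set) for an ICMP
    type 3 code 4 message, or None if it is anything else or malformed."""
    if len(icmp) < 8 + 20:                 # ICMP header + embedded IPv4 header
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
        return None
    if checksum(icmp) != 0:                # a valid message sums to zero
        return None
    inner = icmp[8:]
    if inner[0] >> 4 != 4:                 # embedded header must be IPv4
        return None
    flags_frag = struct.unpack("!H", inner[6:8])[0]
    dst = ".".join(str(b) for b in inner[16:20])
    return mtu, dst, bool(flags_frag & IP_DF)


def build_sample(mtu: int) -> bytes:
    """Constructed sample: a router reporting next-hop MTU `mtu` for a
    1500-byte DF packet to 192.0.2.10 (inner IP checksum left at zero)."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, IP_DF, 64, 6, 0,
                        bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    inner += b"\x00" * 8                   # first 8 bytes of the original payload
    hdr = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, mtu)
    csum = checksum(hdr + inner)
    return struct.pack("!BBHHH", 3, 4, csum, 0, mtu) + inner


if __name__ == "__main__":
    print(parse_frag_needed(build_sample(1400)))
```

A filter that passes only messages this parser accepts still lets path MTU discovery work, which is the case the thread contrasts with firewalls that drop all ICMP.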
      