> Communications between IPv4 end points use PMTUD by setting a Don't Fragment
> (DF) bit in the headers of the outgoing packet. If a router/server along the
> path has a smaller MTU, it will drop that packet and respond with an ICMP
> 'Destination Unreachable -- Fragmentation Needed' packet including its smaller
> MTU value. Upon receiving this smaller packet value the initiating host will
> dynamically reduce the size of the outgoing packets, until the packet arrives
> at its intended destination. PMTUD should always be switched on in any well
> behaving network implementation, but here's the rub: some network nodes,
> firewalls, servers are configured to never respond with *any* ICMP packets
> (because they think that this is a way to avoid DDoS problems and the like).
> Therefore, the initiating host keeps sending large packets never knowing that
> they are dropped on the way. This network problem is known as a PMTUD black
> hole and is explained better here:

Could ICMP packets not getting through be to blame for my proxy server problem? My laptop can't seem to ping anyone (blocked at the firewall in this hotel I suppose) and certainly the proxy server can't ping my laptop.

- Grant
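Added example, not part of the original messages: a Python parser for the ICMP 'Destination Unreachable -- Fragmentation Needed' message (type 3, code 4) that the quoted text describes, showing the next-hop MTU field a sender never sees when a firewall drops all ICMP. The function names, addresses and packet bytes are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; yields 0 over a message whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, mtu: int, quoted: bytes) -> bytes:
    """Construct a sample ICMP message (test data only) with a correct checksum."""
    body = struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def sample_quoted_packet() -> bytes:
    """Constructed IPv4 header (DF set, 1500 bytes, TCP) plus its first 8 payload bytes."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr + struct.pack("!HHI", 49152, 443, 1)

def parse_frag_needed(icmp: bytes):
    """Return details of a type 3 / code 4 message, or None for any other ICMP message."""
    if len(icmp) < 8 or inet_checksum(icmp) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    quoted = icmp[8:]  # the router quotes the header of the packet it dropped
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted packet is not a full IPv4 header")
    total_len, _ident, flags_frag = struct.unpack("!HHH", quoted[2:8])
    return {
        "next_hop_mtu": mtu or None,  # 0 means the router predates RFC 1191
        "dropped_len": total_len,     # size of the packet that did not fit
        "df_set": bool(flags_frag & 0x4000),
        "dst": ".".join(str(b) for b in quoted[16:20]),
    }

if __name__ == "__main__":
    print(parse_frag_needed(build_icmp(3, 4, 1400, sample_quoted_packet())))
```
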

