Am 26.12.2025 um 06:08:34 Uhr schrieb William Herrin: > That's not really on the list of Internet problems with PMTUD. Not a > lot of packets without the DF bit set any more. > > No, the problem is there's lots of reasons for that ICMP packet to > get dropped. > > * No valid route from the complaining router to the packet origin.
> IP is end-to-end. You're only supposed to have to guarantee routes > between the endpoints, not between the midpoints and endpoints. I do not understand that. If the router has a public routable address and either a default route to a router with full table, the packet should arrive. Otherwise a general routing problem exist. I am aware of such situations, but PMTU issues are just one of the many issues that are caused by this. > * Complaining router's interface is numbered with RFC1918. Then the NAT mechanism is failing, as there must not be non-global addresses traveling AS borders. The NAT ACL must include all used addresses that are non-global. > And I haven't even touched the stupid firewall admins who erroneously > block all ICMP "because it's ping." There are a lot of them. I know, but they create there own problems and there is no need that ISPs circumvent their self-made problems. > No, if you don't want the headache of having to deal with every goofy > little situation where PMTUD doesn't work and you _know_ you have a > link with an MTU under 1500 (common with ISPs using PPPOE to the > customer premise equipment) then you clamp the TCP MSS. You don't like > it. But you do it anyway because tech support hours are expensive and > that results in fewer of them. I've never seen that yet at the ISPs I use. -- Gruß Marco Send unsolicited bulk mail to [email protected]
pgpitkPDAAtt3.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/NZLMD3NCYJT7KXMFACE5AD5SDWJGC2HI/
