> this isn't the first time I have heard of a router refusing to fragment
> UDP.
There is theory, and there is practice. In practice, the following are true (in no particular order):

* Some OSes (or NAT devices, or firewalls, or proxy agents, or load balancers, or ...) will tag all packets with "don't fragment" as part of their function.
* Some NAT/routers/firewalls/proxies will not pass return ICMP messages.
* More and more providers are now using MPLS (or IPSEC tunnels, or GRE tunnels, or ...) to enable new functionality (i.e., marketing opportunities), which on some platforms reduces the effective MTU to less than the ethernet MTU of 1500 somewhere along some paths (usually near the end user, since the backbones can usually handle the additional bytes of the label).
* Almost all mainstream routers now do forwarding in hardware, but exceptional conditions (including fragmentation) are handled in alternative (software) paths.
* Almost all mainstream routers now have something in the hardware that limits control plane traffic "to protect the router". This includes generating "unreachables" and/or fragmenting packets. These limits tend to be (somewhat) low, since the control engine tends to be rather slow by current processor standards. This can substantially limit the amount of traffic that can get fragmented (either by control plane limiting, or simply by the time it takes to do the fragmenting).
* Best practice for most mainstream providers is not to send (or to severely limit) ICMP unreachables, to protect the routing infrastructure (either with use of the control plane limits, or via other global values).
* Some percentage of intermediate routers will use RFC1918 addressing, or unadvertised internal routing IP addresses.
* Most mainstream providers use some form of IP address space validation, blocking traffic from invalid addresses (this is also considered an anti-SPAM measure). Non-advertised addresses (including the RFC1918 ones) are often considered invalid, even if the packet is an ICMP unreachable, which will drop the packet.
One can talk about how some of these practices are "bad", or "wrong", or "stupid". That does not change the fact that they are, and that they are more likely to expand than be eliminated (have you not heard that the Internet is "The Web"?) And what this all says is that one should not depend on UDP fragmentation nor ICMP unreachables to determine a path's current (or future, after rerouting) effective MTU. The common heuristics require occasional sending of packets (of various sizes) to determine the useful path MTU without (path) fragmentation, but one needs to consider that at a low rate, control plane limiting may still allow the router to fragment or send ICMP unreachables. It is only at the higher rates that the packets get dropped.
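Added example, not part of the message above or of any project it mentions: a packetization-layer path MTU search of the kind the message alludes to, in the spirit of RFC 4821. It sends DF-set probes of varying sizes, treats a silent loss exactly like an explicit "too big" (so it does not depend on ICMP unreachables getting back), and paces the probes so the prober itself does not trip a control-plane limiter. The echo service, the Linux socket option values (`IP_MTU_DISCOVER` = 10, `IP_PMTUDISC_DO` = 2, from linux/in.h, since the Python `socket` module does not export them) and the `SimulatedPath` with a 1400-byte MTU and filtered ICMP are all assumptions made for the example.

```python
"""Packetization-layer path MTU search (RFC 4821 style).

Added example: a binary search over probe sizes where "no reply" counts
as "too big", so it works even when intermediate routers refuse to
fragment, rate-limit their control plane, or never send (or never get
to deliver) ICMP "fragmentation needed".
"""
import socket
import time
from typing import Callable, List

# A probe takes an IP total length in bytes and returns True only if the
# packet made it through and an answer came back.
Probe = Callable[[int], bool]

IPV4_UDP_OVERHEAD = 28      # 20-byte IPv4 header + 8-byte UDP header, no options
IPV4_MIN_REASSEMBLY = 576   # every IPv4 host must accept this much (RFC 791)


def search_path_mtu(probe: Probe, lo: int = IPV4_MIN_REASSEMBLY, hi: int = 1500,
                    max_probes: int = 16, interval: float = 0.2) -> int:
    """Return the largest size in [lo, hi] that probe() accepts.

    `lo` is expected to work; if even that fails the path is unusable and
    we say so rather than guess. A timeout and a local EMSGSIZE are both
    treated as "too big": that is the whole point of not relying on ICMP.
    `interval` spaces the probes out so a low-rate prober is not itself the
    burst that makes a control-plane limiter start dropping.
    """
    if not probe(lo):
        raise RuntimeError(f"even {lo}-byte DF probes get no reply")
    best, lo = lo, lo + 1
    sent = 0
    while lo <= hi and sent < max_probes:
        mid = (lo + hi) // 2
        sent += 1
        if probe(mid):
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
        if interval > 0:
            time.sleep(interval)
    return best


class SimulatedPath:
    """Constructed stand-in for a path: DF-set packets above path_mtu are
    silently dropped (no ICMP ever comes back), and every probe is logged."""

    def __init__(self, path_mtu: int) -> None:
        self.path_mtu = path_mtu
        self.sent: List[int] = []

    def probe(self, size: int) -> bool:
        self.sent.append(size)
        return size <= self.path_mtu


def udp_df_probe(host: str, port: int, timeout: float = 1.0) -> Probe:
    """Real probe against a UDP echo service assumed to exist at host:port.

    Linux-only (assumption): IP_MTU_DISCOVER/IP_PMTUDISC_DO sets DF and
    forbids local fragmentation, so an oversize datagram either fails with
    EMSGSIZE right here or is dropped somewhere in the path and times out.
    """
    IP_MTU_DISCOVER = 10    # linux/in.h, not exported by Python's socket module
    IP_PMTUDISC_DO = 2

    def probe(size: int) -> bool:
        payload = size - IPV4_UDP_OVERHEAD
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.setsockopt(socket.IPPROTO_IP, IP_MTU_DISCOVER, IP_PMTUDISC_DO)
            try:
                s.sendto(b"\x00" * payload, (host, port))
                data, _ = s.recvfrom(65535)
                return len(data) == payload
            except OSError:     # EMSGSIZE, socket.timeout, or an ICMP-derived error
                return False
    return probe


if __name__ == "__main__":
    path = SimulatedPath(1400)
    print("simulated path MTU:", search_path_mtu(path.probe, interval=0))
    print("probe sizes sent:", path.sent)
```

Against a real echo target the only change is `search_path_mtu(udp_df_probe("echo.example", 7))`, and the result should be re-checked occasionally (and after any sign of rerouting), since, as the message says, the effective MTU of a path is not a constant.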
