Hi there all,
Years ago it used to be a somewhat common practice to clear the DF bit on
packets, either on all packets, or just on those that that you were going to
shove through a tunnel (I think the netscreen command was something like set
vpn foo df-bit clear, cisco had something funky with policy routing IIRC,etc).
This was done both to deal with multiple encapsulations and for the folk that
block all ICMP for security reasons.
Is this practice still common / do you know of anyone still doing it?
W
