Certainly fixing all the buggy host stacks, firewall and compliance devices
to realize that ICMP isn't bad won't be hard.
Wait till you get started on fixing the security consultants.
Ack. I've yet to come across a *device* that doesn't deal properly with
packet too big. Lots (and lots
Hi,
Certainly fixing all the buggy host stacks, firewall and compliance devices
to realize that ICMP isn't bad won't be hard.
Wait till you get started on fixing the security consultants.
Ack. I've yet to come across a *device* that doesn't deal properly with
packet too big. Lots
On 2012-10-30 11:19, Sander Steffann wrote:
Hi,
Certainly fixing all the buggy host stacks, firewall and compliance
devices to realize that ICMP isn't bad won't be hard.
Wait till you get started on fixing the security consultants.
Ack. I've yet to come across a *device* that doesn't
Hi Chris,
-Original Message-
From: Chris Woodfield [mailto:rek...@semihuman.com]
Sent: Monday, October 29, 2012 4:40 PM
To: Templin, Fred L
Cc: William Herrin; Ray Soucy; NANOG list
Subject: Re: IP tunnel MTU
True, but it could be used as an alternative PMTUD algorithm - raise
...@boeing.com wrote:
Hi Roland,
-Original Message-
From: Dobbins, Roland [mailto:rdobb...@arbor.net]
Sent: Monday, October 22, 2012 6:49 PM
To: NANOG list
Subject: Re: IP tunnel MTU
On Oct 23, 2012, at 5:24 AM, Templin, Fred L wrote:
Since tunnels always reduce the effective MTU
, 2012 7:55 AM
To: Templin, Fred L
Cc: Dobbins, Roland; NANOG list
Subject: Re: IP tunnel MTU
The core issue here is TCP MSS. PMTUD is a dynamic process for
adjusting MSS, but requires that ICMP be permitted to negotiate the
connection. The realistic alternative, in a world that filters all
To: Templin, Fred L
Cc: Dobbins, Roland; NANOG list
Subject: Re: IP tunnel MTU
The core issue here is TCP MSS. PMTUD is a dynamic process for
adjusting MSS, but requires that ICMP be permitted to negotiate the
connection. The realistic alternative, in a world that filters all
ICMP traffic
[mailto:r...@maine.edu]
Sent: Monday, October 29, 2012 7:55 AM
To: Templin, Fred L
Cc: Dobbins, Roland; NANOG list
Subject: Re: IP tunnel MTU
The core issue here is TCP MSS. PMTUD is a dynamic process for
adjusting MSS, but requires that ICMP be permitted to negotiate the
connection
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where
inter-networking actually works (again), seamlessly.
I agree.
Joe
On Oct 29, 2012, at 3:46 PM, Joe Maimon jmai...@ttec.com wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where inter-networking
actually works (again),
On Mon, Oct 29, 2012 at 4:01 PM, Jared Mauch ja...@puck.nether.net wrote:
On Oct 29, 2012, at 3:46 PM, Joe Maimon jmai...@ttec.com wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network
On Mon, Oct 29, 2012 at 03:46:57PM -0400, Joe Maimon wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where
inter-networking actually works (again),
Jared Mauch wrote:
On Oct 29, 2012, at 3:46 PM, Joe Maimon jmai...@ttec.com wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where inter-networking
bmann...@vacation.karoshi.com wrote:
On Mon, Oct 29, 2012 at 03:46:57PM -0400, Joe Maimon wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
Essentially, its time the network matured to the point where
On Oct 29, 2012, at 4:43 PM, Joe Maimon jmai...@ttec.com wrote:
Jared Mauch wrote:
On Oct 29, 2012, at 3:46 PM, Joe Maimon jmai...@ttec.com wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
I wish you luck in getting your host IP stacks to work properly without
ICMP, especially as you deploy IPv6.
From what I've heard, ICMPv6 is already being filtered, including
PTBs. I have also heard that IPv6 fragments are also being dropped
unconditionally along some paths. So, if neither
Jared Mauch wrote:
ICMP is just not the way it is ever going to work.
I wish you luck in getting your host IP stacks to work properly without ICMP,
especially as you deploy IPv6.
- Jared
Precisely the state we are in. Looking for luck.
Joe
On Mon, Oct 29, 2012 at 04:44:40PM -0400, Joe Maimon wrote:
bmann...@vacation.karoshi.com wrote:
On Mon, Oct 29, 2012 at 03:46:57PM -0400, Joe Maimon wrote:
Templin, Fred L wrote:
Yes; I was aware of this. But, what I want to get to is
setting the tunnel MTU to infinity.
bmann...@vacation.karoshi.com wrote:
you mean its safe to turn off the VPNs?
/bill
Quite the reverse.
Joe
so its tunnels all the way down... maybe we should just go back to
a circuit oriented network, eh?
/bill
Its not safe to turn on VPNs.
Joe
On Mon, Oct 29, 2012 at 10:54 AM, Ray Soucy r...@maine.edu wrote:
The core issue here is TCP MSS. PMTUD is a dynamic process for
adjusting MSS, but requires that ICMP be permitted to negotiate the
connection. The realistic alternative, in a world that filters all
ICMP traffic, is to manually
Hi Bill,
Maybe something as simple as clearing the don't fragment flag and
adding a TCP option to report receipt of a fragmented packet along
with the fragment sizes back to the sender so he can adjust his mss to
avoid fragmentation.
That is in fact what SEAL is doing, but there is no
True, but it could be used as an alternative PMTUD algorithm - raise the
segment size and wait for the I got this as fragments option to show up...
Of course, this only works for IPv4. IPv6 users are SOL if something in the
middle is dropping ICMPv6.
-C
On Oct 29, 2012, at 4:02 PM, Templin,
Templin, Fred L wrote:
I wish you luck in getting your host IP stacks to work properly without
ICMP, especially as you deploy IPv6.
From what I've heard, ICMPv6 is already being filtered, including
PTBs.
As v6 PTBs are specified to be generated even against
multicast packets, it is of course
Hi Roland,
-Original Message-
From: Dobbins, Roland [mailto:rdobb...@arbor.net]
Sent: Monday, October 22, 2012 6:49 PM
To: NANOG list
Subject: Re: IP tunnel MTU
On Oct 23, 2012, at 5:24 AM, Templin, Fred L wrote:
Since tunnels always reduce the effective MTU seen by data
Hello,
Several months ago, there was discussion on the list regarding IP
tunnel maximum transmission unit (MTU). Since that time, it has been
brought to my attention by members of my company's network operations
staff that tunnel MTU is a very real problem they need to cope with
on a daily basis
On Oct 23, 2012, at 5:24 AM, Templin, Fred L wrote:
Since tunnels always reduce the effective MTU seen by data packets due to the
encapsulation overhead, the only two ways to accommodate
the tunnel MTU is either through the use of path MTU discovery or through
fragmentation and reassembly.
26 matches
Mail list logo