nanog mailing list archives

Re: 92 Byte ICMP Blocking Problem


From: Chris Adams <cmadams () hiwaay net>
Date: Fri, 12 Sep 2003 13:32:43 -0500


Once upon a time, Steven M. Bellovin <smb () research att com> said:
> In message <20030912175258.GB616832 () hiwaay net>, Chris Adams writes:
> > Yes.  As soon as we put the policy route map in place, we had some
> > people unable to talk via SSH, SMTP, or POP3.  It was random: one person
> > here in the office couldn't SSH to a particular server.  He could SSH to
> > other servers, and the rest of us could SSH to the server he could not.
> > We had similar experiences with SMTP and POP3.  When we took the policy
> > route map back out, the problems went away.
> >
> > This is with IOS 12.0(25)S1 on a 7513 doing dCEF.  We put the policy
> > route map on the FE interface linking this router to the POP core
> > router; this router has MC-T3 interfaces and ethernets to Ascend TNTs
> > and such.  The intent was to stop the 92 byte ICMP echos from reaching
> > the Ascend TNTs, since several of them were rebooting constantly.
>
> I wonder if it's a Path MTU problem.  Can you turn off Path MTU on some
> of the affected hosts and see if it solves the problem?

I don't have it in place anymore (because it caused more problems than
it fixed), so I can't test this.  In any case, the route map only
matched 92 byte ICMP echo and ICMP echo-reply packets, which is not what
PMTU uses, so it shouldn't have had a problem.  Also, I know that the
MTU along the path for the person in the office is the same all the way,
so PMTU shouldn't come into play there.
-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
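
The match described in the message above (92 byte ICMP echo and echo-reply only), written out as a packet classifier and checked against the ICMP message Path MTU discovery depends on. This is an added example, not code or configuration from the post; it assumes "92 byte" means the IPv4 total length, and the function names and sample packets are constructed for illustration.

```python
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO = 0, 3, 8
FRAG_NEEDED = 4  # code under type 3 that Path MTU discovery relies on


def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed test data, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload


def icmp(icmp_type: int, code: int, data: bytes) -> bytes:
    """ICMP header (type, code, checksum 0, 4 bytes rest-of-header) + data."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + data


def icmp_type_code(pkt: bytes):
    """Return (type, code) for an unfragmented/first-fragment ICMP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    frag_off = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if ihl < 20 or frag_off != 0 or len(pkt) < ihl + 2:
        return None  # later fragments carry no ICMP header to inspect
    return pkt[ihl], pkt[ihl + 1]


def matches_filter(pkt: bytes, length: int = 92) -> bool:
    """True only for ICMP echo / echo-reply with IP total length == length."""
    tc = icmp_type_code(pkt)
    total_len = struct.unpack_from("!H", pkt, 2)[0] if len(pkt) >= 4 else 0
    return (tc is not None and total_len == length
            and tc[0] in (ICMP_ECHO, ICMP_ECHO_REPLY))


def is_pmtud_signal(pkt: bytes) -> bool:
    """True for ICMP destination unreachable, fragmentation needed."""
    return icmp_type_code(pkt) == (ICMP_DEST_UNREACH, FRAG_NEEDED)


SAMPLES = {  # all packets below are constructed for this example
    "echo-92": ipv4(1, icmp(ICMP_ECHO, 0, b"\xaa" * 64)),
    "reply-92": ipv4(1, icmp(ICMP_ECHO_REPLY, 0, b"\xaa" * 64)),
    "echo-84": ipv4(1, icmp(ICMP_ECHO, 0, b"\x00" * 56)),
    "fragneeded-56": ipv4(1, icmp(ICMP_DEST_UNREACH, FRAG_NEEDED, b"\x00" * 28)),
    "fragneeded-92": ipv4(1, icmp(ICMP_DEST_UNREACH, FRAG_NEEDED, b"\x00" * 64)),
    "tcp-92": ipv4(6, b"\x00" * 72),
}
```

Even a fragmentation-needed message that happens to be 92 bytes long falls outside the match, and so does any TCP segment of that length.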

