nanog mailing list archives

RE: Smallest Transit MTU


From: "David Schwartz" <davids () webmaster com>
Date: Thu, 30 Dec 2004 17:42:44 -0800




It's not just that ECN isn't supported that is the problem, it's when
systems by default reject packets with reserved bits set. While you
may pan ECN, it or something else that might enhance Internet protocols
like it in the future should typically be silently ignored by end hosts
that don't understand them so those experiments can at least take place.

John

        I, for one, do not agree. End hosts and firewalls *should* reject all
traffic they don't understand. It's precisely to prevent our unintentional
participation (as end hosts) in such 'experiments' that we deploy such
filters. The problem is when the policies are not maintained (or are
deployed in inappropriate places like transit networks), not that they exist
in the first place.

        IMO, it's negligent to configure a firewall to pass traffic whose meaning
is not known. Of course, it's also negligent to leave a firewall configured
to block traffic whose meaning is known and is known to be desirable and
harmless.

        DS
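
The two positions in this message, shown as an added example that is not part of the original post or the thread: a deny-unknown filter whose known-bit set was never updated past RFC 793 drops an ECN-setup SYN, while the same filter maintained to RFC 3168 passes it and still drops bits nobody has defined. The function names, sample headers and the choice to treat all four low bits of header byte 12 as reserved are assumptions made for illustration.

```python
import struct

# TCP flag bits in header byte 13 (RFC 793, plus RFC 3168 for ECE/CWR).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
RFC793_FLAGS = FIN | SYN | RST | PSH | ACK | URG   # stale policy
RFC3168_FLAGS = RFC793_FLAGS | ECE | CWR           # maintained policy
RESERVED_NIBBLE = 0x0F  # low 4 bits of byte 12 (assumed reserved, as in RFC 3168)


def unknown_bits(tcp_header: bytes, known_flags: int) -> int:
    """Return the bits set in the header that the policy does not know.

    Result is 12 bits wide: reserved nibble in bits 8-11, flag byte in bits 0-7.
    """
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    offset_reserved, flags = struct.unpack_from("!BB", tcp_header, 12)
    reserved = offset_reserved & RESERVED_NIBBLE
    return (reserved << 8) | (flags & ~known_flags & 0xFF)


def verdict(tcp_header: bytes, known_flags: int) -> str:
    """Deny-unknown policy: drop if any bit outside the known set is present."""
    return "drop" if unknown_bits(tcp_header, known_flags) else "accept"


def build_header(flags: int, reserved: int = 0) -> bytes:
    """Constructed 20-byte TCP header; ports, seq and window are sample values."""
    return struct.pack("!HHIIBBHHH", 49152, 80, 1, 0,
                       (5 << 4) | (reserved & 0x0F), flags, 65535, 0, 0)


if __name__ == "__main__":
    samples = {
        "plain SYN": build_header(SYN),
        "ECN-setup SYN (SYN+ECE+CWR)": build_header(SYN | ECE | CWR),
        "SYN with reserved bit set": build_header(SYN, reserved=0x4),
    }
    for name, hdr in samples.items():
        print(f"{name:30} stale={verdict(hdr, RFC793_FLAGS):6} "
              f"maintained={verdict(hdr, RFC3168_FLAGS)}")
```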


