nanog mailing list archives
Re: [NANOG] Microsoft.com PMTUD black hole?
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Wed, 7 May 2008 12:43:49 -0700
I'm not sure what the issue is here. Just about every modern firewall I've used has an option to enable PMTU on interfaces, while blocking all other ICMP. Is MS not running something manufactured in the last 10 years at their perimeter?
-----Original Message-----
From: Nathan Anderson/FSR [mailto:nathana () fsr com]
Sent: Wednesday, May 07, 2008 12:39 PM
To: Valdis.Kletnieks () vt edu
Cc: nanog () merit edu
Subject: Re: [NANOG] Microsoft.com PMTUD black hole?

Valdis.Kletnieks () vt edu wrote:
> The usual case where you get screwed over is when the router trying to toss the ICMP FRAG NEEDED is *behind* the ICMP-munching firewall. And in case (2), you still can't assume that path MTU == local MTU, because your local MTU is likely 1500, and the fragging router often trying to stuff your 1500 byte packet down a PPPoE tunnel that's got an MTU of 1492....

Yes, but my point was precisely that one OR the other side (server OR client) is going to NOT have the ICMP-munching firewall in between itself and the "RITM" as I have affectionately been calling it (although it is definitely possible that there are two ICMP-munchers on either side of the RITM).

And case #2 is exactly what is occurring right now _anyway_: hosts assume that path MTU == local MTU even if there is already an active PMTU cache entry from a recent earlier communication with the remote host. So I don't see how making that assumption _after_ making an honest attempt at actively determining whether or not it is actually the case is any more broken than the way things are already being done.

The problem is that, as I realized at the end of the message you quoted, there are potentially multiple paths between the same two hosts, and the path that the packet takes in one direction is not guaranteed to be the same path that the packet takes in the opposite direction.

--
Nathan Anderson
First Step Internet, LLC
nathana () fsr com
_______________________________________________
NANOG mailing list
NANOG () nanog org
http://mailman.nanog.org/mailman/listinfo/nanog
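What a perimeter rule has to let through for PMTUD to work while other ICMP is dropped, as an added example that is not part of the original messages: it parses ICMP type 3 code 4 (fragmentation needed) and accepts it only when the quoted packet was sent by a protected host. The function names, the documentation-range addresses and the quoted-source check are assumptions made for illustration, and the sample packets are constructed.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, mtu: int, quoted: bytes) -> bytes:
    """Construct an ICMP message (sample data for this example only)."""
    body = struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_frag_needed(icmp: bytes):
    """Return (next_hop_mtu, quoted_src, quoted_dst) for type 3 code 4, else None."""
    # Need the 8-byte ICMP header plus a quoted 20-byte IPv4 header, and a
    # checksum that verifies (summing a valid message yields 0).
    if len(icmp) < 8 + 20 or inet_checksum(icmp) != 0:
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    quoted = icmp[8:]
    if (icmp_type, code) != (3, 4) or quoted[0] >> 4 != 4:
        return None
    return mtu, socket.inet_ntoa(quoted[12:16]), socket.inet_ntoa(quoted[16:20])

def perimeter_verdict(icmp: bytes, protected_hosts: set) -> str:
    """ACCEPT only frag-needed errors quoting a packet one of our hosts sent."""
    parsed = parse_frag_needed(icmp)
    if parsed and parsed[1] in protected_hosts:
        return "ACCEPT"
    return "DROP"  # every other ICMP type/code, or a quote we never sent

# Constructed sample: IPv4 header of a 1500-byte, DF-set TCP packet from a
# server (192.0.2.10) to a client (198.51.100.7), plus 8 payload bytes.
QUOTED = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7")) + b"\x00" * 8
FRAG_NEEDED = build_icmp(3, 4, 1492, QUOTED)  # router in front of a PPPoE hop
ECHO_REQUEST = build_icmp(8, 0, 0, QUOTED)    # stand-in for any other ICMP
SERVERS = {"192.0.2.10"}

if __name__ == "__main__":
    print(parse_frag_needed(FRAG_NEEDED), perimeter_verdict(FRAG_NEEDED, SERVERS))
    print(perimeter_verdict(ECHO_REQUEST, SERVERS))
```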