Re: NIST and SP800-119

[Jared Mauch <jared () puck nether net>]

On Feb 15, 2011, at 10:36 AM, William Herrin wrote:

> On Tue, Feb 15, 2011 at 10:09 AM, Joe Abley <jabley () hopcount ca> wrote:
> > On 2011-02-14, at 21:41, William Herrin wrote:
> > > On Mon, Feb 14, 2011 at 7:24 PM, TR Shaw <tshaw () oitc com> wrote:
> > > > Just wondering what this community thinks of NIST in
> > > > general and their SP800-119 (
> > > > http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf )
> > > > writeup about IPv6 in particular.
> > >
> > > Well, according to this document IPv4 path MTU discovery is,
> > > "optional, not widely used."
> >
> > Optional seems right. Have there been any recent studies on how widely pMTUd is actually used in v4?
>
> Hi Joe,
>
> Are you aware of a TCP implementation in an OS that shipped within the
> last decade but doesn't enable IPv4 pMTUd by default? Each version of
> Windows and all the major unixes use it on every TCP connection unless
> you explicitly turn it off.

IOS does not support it unless explicitly turned on.  It will result in decreased network performance for some things 
(eg: BGP Updates) as the negotiated mss will be really small.

They likely don't want to change some sacred default either as it would break other things.  If you run larger than 
~500 mtus internally, you may want to enable 'ip tcp path-mtu-discovery' and watch your BGP convergence improve 
significantly.

Router#sh ip bgp neighbors | inc max data segment

Broken setups will show something like this:
Datagrams (max data segment is 1240 bytes):
Datagrams (max data segment is 516 bytes):
Datagrams (max data segment is 536 bytes):

Others may show something much larger depending on your infrastructure.

IMHO, path-mtu-discovery is REQUIRED, not optional.  Anyone saying otherwise has a broken network and you should not 
give them your money.

- Jared