nanog mailing list archives
Re: NIST and SP800-119
From: Jared Mauch <jared () puck nether net>
Date: Tue, 15 Feb 2011 16:31:07 -0500
On Feb 15, 2011, at 10:36 AM, William Herrin wrote:
> On Tue, Feb 15, 2011 at 10:09 AM, Joe Abley <jabley () hopcount ca> wrote:
>> On 2011-02-14, at 21:41, William Herrin wrote:
>>> On Mon, Feb 14, 2011 at 7:24 PM, TR Shaw <tshaw () oitc com> wrote:
>>>> Just wondering what this community thinks of NIST in general and their SP800-119 ( http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf ) writeup about IPv6 in particular.
>>>
>>> Well, according to this document IPv4 path MTU discovery is, "optional, not widely used."
>>
>> Optional seems right. Have there been any recent studies on how widely pMTUd is actually used in v4?
>
> Hi Joe,
>
> Are you aware of a TCP implementation in an OS that shipped within the last decade but doesn't enable IPv4 pMTUd by default? Each version of Windows and all the major unixes use it on every TCP connection unless you explicitly turn it off.

IOS does not support it unless explicitly turned on. It will result in decreased network performance for some things (eg: BGP Updates) as the negotiated mss will be really small.

They likely don't want to change some sacred default either as it would break other things.

If you run larger than ~500 mtus internally, you may want to enable 'ip tcp path-mtu-discovery' and watch your BGP convergence improve significantly.

    Router#sh ip bgp neighbors | inc max data segment

Broken setups will show something like this:

    Datagrams (max data segment is 1240 bytes):
    Datagrams (max data segment is 516 bytes):
    Datagrams (max data segment is 536 bytes):

Others may show something much larger depending on your infrastructure.

IMHO, path-mtu-discovery is REQUIRED, not optional. Anyone saying otherwise has a broken network and you should not give them your money.

- Jared
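
The check described in the message above can be run per neighbor by parsing unfiltered `show ip bgp neighbors` output. This is an added example, not part of the original post: the sample output, the neighbor addresses, the function names and the 40-byte header overhead (IPv4 plus TCP, no options) are assumptions made for illustration.

```python
import re

# Assumption: 20-byte IPv4 header + 20-byte TCP header, no IP or TCP options.
IP_TCP_OVERHEAD = 40

NEIGHBOR_RE = re.compile(r"^BGP neighbor is (\S+?),")
MSS_RE = re.compile(r"max data segment is (\d+) bytes")

# Constructed sample resembling unfiltered 'show ip bgp neighbors' output.
SAMPLE = """\
BGP neighbor is 192.0.2.1,  remote AS 64500, external link
  BGP state = Established, up for 3w2d
Datagrams (max data segment is 536 bytes):
BGP neighbor is 192.0.2.2,  remote AS 64501, external link
  BGP state = Established, up for 1w0d
Datagrams (max data segment is 1460 bytes):
BGP neighbor is 198.51.100.7,  remote AS 64502, external link
Datagrams (max data segment is 516 bytes):
BGP neighbor is 203.0.113.9,  remote AS 64503, external link
Datagrams (max data segment is 1240 bytes):
BGP neighbor is 203.0.113.10,  remote AS 64504, external link
  BGP state = Idle
"""

def parse_neighbor_mss(output):
    """Map each neighbor to its reported max data segment size."""
    result, current = {}, None
    for line in output.splitlines():
        m = NEIGHBOR_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        m = MSS_RE.search(line)
        if m and current is not None:  # ignore MSS lines with no owner
            result[current] = int(m.group(1))
    return result

def undersized_sessions(output, path_mtu, tcp_option_bytes=0):
    """Return (neighbor, mss, expected) for sessions below the MSS the
    path MTU should allow. tcp_option_bytes is a hypothetical knob for
    sessions that carry fixed TCP options."""
    expected = path_mtu - IP_TCP_OVERHEAD - tcp_option_bytes
    found = parse_neighbor_mss(output).items()
    return sorted((n, mss, expected) for n, mss in found if mss < expected)

if __name__ == "__main__":
    for neighbor, mss, expected in undersized_sessions(SAMPLE, 1500):
        print(f"{neighbor}: MSS {mss} < expected {expected}")
```

Neighbors with no established session print no `Datagrams` line and are skipped rather than reported.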