Clearing DF bits...

[Warren Kumari <warren () kumari net>]

Hi there all,

Years ago it used to be a somewhat common practice to clear the DF bit on packets, either on all packets, or just on 
those that that you were going to shove through a tunnel (I think the netscreen command was something like "set vpn foo 
df-bit clear", cisco had something funky with policy routing IIRC,etc).

This was done both to deal with multiple encapsulations and for the folk that block all ICMP for "security reasons".

Is this practice still common / do you know of anyone still doing it?

W