nanog mailing list archives
Re: IP tunnel MTU
From: Jeroen Massar <jeroen () unfix org>
Date: Tue, 30 Oct 2012 11:23:21 +0100
On 2012-10-30 11:19, Sander Steffann wrote:
Hi,

Certainly fixing all the buggy host stacks, firewall and compliance devices to realize that ICMP isn't bad won't be hard.

Wait till you get started on "fixing" the "security" consultants.

Ack. I've yet to come across a *device* that doesn't deal properly with "packet too big". Lots (and lots and lots) of "security" people, one or two applications, but no devices.

I know of one: Juniper SSG and SRX boxes used to block IPv6 ICMP errors when the screening option 'big ICMP packets' was enabled because it blocked all (v4 and v6) ICMP packets bigger than 1024 bytes and IPv6 ICMP errors are often 1280 bytes. I don't know if that has been fixed yet.

I do not see them "fixing" that either, if one misconfigures a host to filter big ICMP packets, you get exactly that, it will filter those packets. In the same way as folks misconfiguring hosts to drop ICMP in general etc. One cannot solve stupid people as they will do stupid things.

Greets,
 Jeroen
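
The interaction discussed in this thread, as an added example that is not part of the original posts: it builds ICMPv6 Packet Too Big messages the way RFC 4443 sizes them (quoting as much of the offending packet as fits in 1280 bytes) and runs them through a size-based ICMP filter. Assumptions: the filter compares the total IP packet length against the 1024-byte limit, the router quotes the maximum allowed, and the addresses and all-zero offending packets are constructed sample data.

```python
import ipaddress
import struct

IPV6_MIN_MTU, IPV6_HDR, ICMP6_HDR = 1280, 40, 8
SCREEN_LIMIT = 1024                          # threshold quoted in the thread
ROUTER, HOST = "2001:db8::1", "2001:db8::2"  # constructed documentation addresses

def checksum(data):
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp6_packet(src, dst, icmp_type, word, payload):
    """Full IPv6 packet carrying one ICMPv6 message (code 0)."""
    s, d = (ipaddress.IPv6Address(a).packed for a in (src, dst))
    body = struct.pack("!BBHI", icmp_type, 0, 0, word) + payload
    pseudo = s + d + struct.pack("!I3xB", len(body), 58)
    body = body[:2] + struct.pack("!H", checksum(pseudo + body)) + body[4:]
    return struct.pack("!IHBB", 6 << 28, len(body), 58, 64) + s + d + body

def packet_too_big(router, sender, offending, mtu):
    """Type 2 error quoting as much of the offending packet as fits in 1280 bytes."""
    quoted = offending[:IPV6_MIN_MTU - IPV6_HDR - ICMP6_HDR]
    return icmp6_packet(router, sender, 2, mtu, quoted)

def screen_drops(packet, limit=SCREEN_LIMIT):
    """Assumed filter model: drop any ICMPv6 packet whose total length exceeds limit."""
    return packet[6] == 58 and len(packet) > limit

def survey(limit=SCREEN_LIMIT):
    """Map each test case to (packet length, dropped?)."""
    result = {}
    for size in (1281, 1500, 9000):          # constructed all-zero offending packets
        ptb = packet_too_big(ROUTER, HOST, bytes(size), 1280)
        result[size] = (len(ptb), screen_drops(ptb, limit))
    ping = icmp6_packet(HOST, ROUTER, 128, 1, bytes(56))   # echo request
    result["ping"] = (len(ping), screen_drops(ping, limit))
    return result

if __name__ == "__main__":
    for case, (length, dropped) in survey().items():
        print(case, length, "DROPPED" if dropped else "passed")
```

Under these assumptions every Packet Too Big message comes out at 1280 bytes and is dropped, while an ordinary ping passes, so a reachability test looks healthy even though path MTU discovery is blackholed.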