nanog mailing list archives
Re: MTU to CDN's
From: William Herrin <bill () herrin us>
Date: Fri, 19 Jan 2018 09:36:31 -0500
On Fri, Jan 19, 2018 at 8:48 AM, Mike Hammett <nanog () ics-il net> wrote:
Other than people improperly blocking ICMP, when does PMTUD not work? Honest question, not troll.
Hi Mike,

One common scenario: the router's interface is numbered with an RFC 1918 private IP address. The packet is dropped because it tries to enter an adjacent system with a source address that isn't valid for the transit.

Another common scenario: the packet is encapsulated in MPLS when it reaches the segment which can't handle the large packet. That particular router is not set up to decapsulate the MPLS packet and act on the IPv4 packet inside.

A third scenario: asymmetric routing. A particular router is capable of moving packets to your destination but either intentionally or due to a configuration error is unable to route packets back to the source.

A fourth scenario: for security reasons (part of defense in depth), a host is only permitted to communicate with whitelisted IP addresses. Random Internet routers are not on the whitelist.

PMTUD's routine failure demonstrates the wisdom of the end to end principle. It's the one critical place in base IPv4 that doesn't follow it.

Regards,
Bill Herrin

--
William Herrin ................ herrin () dirtside com bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
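An added example, not part of the original post or thread: a small diagnostic that parses an ICMP "fragmentation needed" error (type 3, code 4) from a capture and flags the first and fourth scenarios above, namely an RFC 1918 source address on the reporting router and a router that is not on the receiving host's allowlist. The function names, the risk labels and the sample packet are hypothetical, and the packet is assumed to be captured at a point before any filter has dropped it.

```python
import ipaddress
import struct

# RFC 1918 private ranges, as named in the post's first scenario.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_frag_needed(packet: bytes):
    """Parse a raw IPv4 packet carrying ICMP type 3 code 4; return None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:  # protocol 1 = ICMP
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = packet[ihl + 8:]  # IPv4 header of the packet that was too big
    return {
        "router": ipaddress.ip_address(packet[12:16]),   # who reported the problem
        "next_hop_mtu": mtu,                              # RFC 1191 next-hop MTU field
        "orig_src": ipaddress.ip_address(inner[12:16]),
        "orig_dst": ipaddress.ip_address(inner[16:20]),
    }

def delivery_risks(info, allowlist=()):
    """Return hypothetical labels for why this ICMP error may never reach the sender."""
    risks = []
    if any(info["router"] in net for net in RFC1918):
        risks.append("rfc1918-source")      # scenario 1: source invalid for transit
    if allowlist and not any(info["router"] in ipaddress.ip_network(n) for n in allowlist):
        risks.append("not-on-allowlist")    # scenario 4: host only accepts listed peers
    return risks

def build_sample(router, src, dst, mtu):
    """Constructed sample packet; checksums are left zero because the parser ignores them."""
    def ip_hdr(s, d, proto, total):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64, proto, 0,
                           ipaddress.ip_address(s).packed, ipaddress.ip_address(d).packed)
    inner = ip_hdr(src, dst, 6, 1500) + b"\x00" * 8   # original header + first 8 payload bytes
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    return ip_hdr(router, src, 1, 20 + len(icmp)) + icmp

if __name__ == "__main__":
    info = parse_frag_needed(build_sample("10.1.2.3", "198.51.100.10", "203.0.113.5", 1476))
    print(info, delivery_risks(info, allowlist=["203.0.113.0/24"]))
```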