> But in between the network, some routers have some firewall > configuration so that they will simply drop any incomming ICMP > packet without sending any response to the sender. Not just routers. Many "host firewalls" will by default drop all unsolicited ICMP packets. The rational is a variant of security by obscurity: a host is more secure if its presence cannot be trivially detected. The old assumption used to be that if a host has an IP address, it can receive pretty much any packet sent to that address. The practical situation we have today is that if two hosts communicate over a given protocol and port, they can receive packets from the same "five tuple" but are not guaranteed to receive other packets. This has an important consequence for many IETF designed protocols, including indeed path MTU discovery. -- Christian Huitema _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf