Re: Problem of blocking ICMP packets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dean Anderson;

>>There were (still are?) number of web servers that wanted to send
>>big packets with DF turned on, because PMTUD was turned on on the
>>servers but ICMP errors were filtered.

> There still are such apps.  I ran into this recently, last winter.

So, that is the reality. Note that we run into this only if
there are both such servers and such filters.

> The
> network can't possibly work if people are going to turn
> critical parts of it off, parts that they don't fully understand.

The most critical ICMP generated by intermediate routers is
TTL exceeded, I think, though it is not critical for real
applications.

We can do without others. However, there are people who want to
invent inappropriate use of inessential features. For example,
TCP should not be disconnected upon network unreachable ICMP but
some TCP did. PMTUD is, IMHO, another example.

> I think we disagree on the "reality". The reality is that most sensible
> people and ISPs don't block harmless ICMP messages.

Sensible people should block PMTUD, too.

>>>This is the first I have heard that path mtu discovery software was
>>>unreliable.

>>Can you tell me who said it with an appropriate reference?

> Err, _you_ said it:

I never said software unreliable.

Note that an example of unreliable software is Windows.

						Masataka Ohta


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]