Fixing MTU issues - would somebody like a 'tracepath6 from 47 different ISPs'?
Matsuzaki Yoshinobu
maz at iij.ad.jp
Tue Jun 7 12:12:57 CEST 2011
Date: Tue, 7 Jun 2011 11:57:48 +0200
Andrew Yourtchenko <ayourtch at gmail.com> wrote
> On Tue, Jun 7, 2011 at 11:46 AM, Jeroen Massar <jeroen at unfix.org> wrote:
>> First an insult: Folks who think that blocking ICMP is 'smart' and
>> 'secure' please upgrade your brain and fix your local issue and at least
>> don't block ICMP Packet Too Big, it really is needed for a proper
>> functioning of the Internet.
>
> +1.
>
> Though sometimes it is a bit more complicated than just ICMP being blocked.
> (speaking from personal experience with tracking down s/w bugs).
Yes, it's complicated actually. Folks who are using smaller MTU links
in their network should look into their router's configuration. By
defalut, cisco ios originates only 1 icmp error every 100msec(0.1pps),
and juniper junos originates 1000 icmp (including echo replies)
packets/sec. This leads the PMTUd failures in some cases.
see also:
- http://www.attn.jp/maz/p/t/pdf/pmtud-failure-cases-maz.pdf
-----
Matsuzaki Yoshinobu <maz at iij.ad.jp>
- IIJ/AS2497 INOC-DBA: 2497*629
More information about the ipv6-ops
mailing list