Fixing MTU issues - would somebody like a 'tracepath6 from 47 different ISPs'?
tjc at ecs.soton.ac.uk
Tue Jun 7 12:14:46 CEST 2011
On 7 Jun 2011, at 11:12, Matsuzaki Yoshinobu wrote:
> Date: Tue, 7 Jun 2011 11:57:48 +0200
> Andrew Yourtchenko <ayourtch at gmail.com> wrote
>> On Tue, Jun 7, 2011 at 11:46 AM, Jeroen Massar <jeroen at unfix.org> wrote:
>>> First an insult: Folks who think that blocking ICMP is 'smart' and
>>> 'secure' please upgrade your brain and fix your local issue and at least
>>> don't block ICMP Packet Too Big, it really is needed for a proper
>>> functioning of the Internet.
>> Though sometimes it is a bit more complicated than just ICMP being blocked.
>> (speaking from personal experience with tracking down s/w bugs).
> Yes, it's complicated actually. Folks who are using smaller MTU links
> in their network should look into their router's configuration. By
> defalut, cisco ios originates only 1 icmp error every 100msec(0.1pps),
> and juniper junos originates 1000 icmp (including echo replies)
> packets/sec. This leads the PMTUd failures in some cases.
I recall RIPE NCC has an IPv6 'tunnel detector' matrix that was looking at PMTUD also... but that was a while ago and not sure of its current status.
More information about the ipv6-ops