nanog mailing list archives
RE: MTU path discovery and IPSec
From: Arjan Hulsebos <ahulsebos () corp home nl>
Date: Thu, 4 Dec 2003 19:18:45 +0100
On Wed, 03 Dec 2003 16:05:39 GMT, jgraun () comcast net said:1) I assume MTU path discovery has to been in enabled oneach router in the path in order for it work correctly?! Actually, no. All that's required is that:
You also need an OS that does not set the DF-bit on every packet it sends out. IIRC, out-of-the-box Solaris 8 is excellent at doing that. No matter how many icmp messages it gets, it happily ignores them by insisting on sending out frames of 1500 bytes with the DF-bit set. Makes trouble-shooting IPSec connections, uhm.... interesting. Cheers, Arjan H --- This message is confidential and may be privileged. Any review, retransmission, dissemination or other use of, or taking any action with reference to this information by persons other than the intended recipient is prohibited. If you received this message in error, please notify the sender by reply e-mail and delete this message from all computers. Please note that e-mails are susceptible to change. The sender will not accept liability for the improper or incomplete transmission of the information contained in this message.
Current thread:
- Re: MTU path discovery and IPSec, (continued)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 04)
- Re: MTU path discovery and IPSec Valdis . Kletnieks (Dec 04)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 04)
- Re: MTU path discovery and IPSec Crist Clark (Dec 04)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 04)
- Re: MTU path discovery and IPSec Laurence F. Sheldon, Jr. (Dec 04)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 04)
- Re: MTU path discovery and IPSec Valdis . Kletnieks (Dec 04)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 10)
- Re: MTU path discovery and IPSec Barney Wolff (Dec 10)