Who does source address validation? (was Re: what's that smell?)

• Previous message (by thread): Broken PMTU (was: Who does source address validation? (was Re:what's that smell?))
• Next message (by thread): Who does source address validation? (was Re: what's that smel l?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 09 Oct 2002 23:05:59 BST, "Stephen J. Wilcox" said:

> On a related issue (pMTU) I recently discovered that using a link with MTU <
> 1500 breaks a massive chunk of the net - specifically mail and webservers who
> block all inbound icmp.. the servers assume 1500, send out the packets with DF

My personal pet peeve is the opposite - we'll try to use pMTU, some provider
along the way sees fit to run it through a tunnel, so the MTU there is 1460
instead of 1500 - and the chuckleheads number the tunnel endpoints out of
1918 space - so the 'ICMP Frag Needed' gets tossed at our border routers,
because we do both ingress and egress filtering.  It's bad enough when all
the interfaces on the offending unit are 1918-space, but it's really annoying
when the critter has perfectly good non-1918 addresses it could use as
the source... Argh...
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20021010/28130c46/attachment.sig>

• Previous message (by thread): Broken PMTU (was: Who does source address validation? (was Re:what's that smell?))
• Next message (by thread): Who does source address validation? (was Re: what's that smel l?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]