MTU path discovery and IPSec

Steven M. Bellovin smb at
Wed Dec 3 16:19:20 UTC 2003

In message <120320031605.8838.1dea at>, jgraun at writes:
>Two questions:
>1) I assume MTU path discovery has to been in enabled on each router in the pa
>th in order for it work correctly?!

No -- it only has to be enabled on routers with smaller outbound MTUs 
than inbound.  A router for which all links have a 1500-byte MTU 
doesn't need path MTU discovery; it will never need to fragment 

		--Steve Bellovin,

More information about the NANOG mailing list