MTU to CDN's

On Fri, Jan 19, 2018 at 8:48 AM, Mike Hammett <nanog at ics-il.net> wrote:

> Other than people improperly blocking ICMP, when does PMTUD not work?
> Honest question, not troll.

Hi Mike,

One common scenario: the router's interface is numbered with an RFC 1918
private IP address. The packet is dropped because it tries to enter an
adjacent system with a source address that isn't valid for the transit.

Another common scenario: the packet is encapsulated in MPLS when it reaches
the segment which can't handle the large packet. That particular router is
not set up to decapsulate the MPLS packet and act on the IPv4 packet inside.

A third scenario: asymmetric routing. A particular router is capable of
moving packets to your destination but either intentionally or due to a
configuration error is unable to route packets back to the source.

A fourth scenario: for security reasons (part of defense in depth), a host
is only permitted to communicate with whitelisted IP addresses. Random
Internet routers are not on the whitelist.

PMTUD's routine failure demonstrates the wisdom of the end-to-end
principle. It's the one critical place in base IPv4 that doesn't follow it.

Bill Herrin

William Herrin ................ herrin at dirtside.com  bill at herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
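
The first and fourth scenarios above, as an added example that is not part of the original message: it parses an ICMP "fragmentation needed" (type 3, code 4) packet and reports whether the PMTUD signal would survive a border filter that rejects RFC 1918 sources and a host allowlist. The function names, the two-stage policy model and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_frag_needed(pkt):
    """Return (router_src, next_hop_mtu, original_dst) for an IPv4 ICMP
    type 3 code 4 (fragmentation needed) packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 1 or len(pkt) < ihl + 8 + 20:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = pkt[ihl + 8:]  # quoted header of the packet that was too big
    return ipaddress.ip_address(pkt[12:16]), mtu, ipaddress.ip_address(inner[16:20])

def pmtud_verdict(pkt, host_allowlist):
    """Hypothetical policy model: a border filter that rejects RFC 1918
    sources, then a host firewall that accepts only allowlisted peers."""
    parsed = parse_frag_needed(pkt)
    if parsed is None:
        return "ignored: not a fragmentation-needed message"
    src, mtu, _orig_dst = parsed
    if any(src in net for net in RFC1918):
        return "dropped: RFC 1918 source rejected at border"
    if not any(src in ipaddress.ip_network(n) for n in host_allowlist):
        return "dropped: router not on host allowlist"
    return f"delivered: sender can lower path MTU to {mtu}"

def build_sample(router_src, mtu, orig_src, orig_dst):
    """Constructed test packet (checksums left at zero, not verified above)."""
    def ip_hdr(src, dst, proto, total):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64, proto, 0,
                           ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip_hdr(orig_src, orig_dst, 6, 1500) + b"\x00" * 8
    return ip_hdr(router_src, orig_src, 1, 20 + len(icmp)) + icmp

if __name__ == "__main__":
    # Constructed cases: host 198.51.100.10 sending to server 203.0.113.80.
    for router, allow in (("10.1.2.3", ["203.0.113.0/24"]),
                          ("192.0.2.1", ["203.0.113.0/24"]),
                          ("192.0.2.1", ["203.0.113.0/24", "192.0.2.0/24"])):
        pkt = build_sample(router, 1400, "198.51.100.10", "203.0.113.80")
        print(router, allow, "->", pmtud_verdict(pkt, allow))
```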