> While you're absolutely right that this MUST NOT happen, in practice it does.
I think we're in at least partial agreement. The point I'm making is that this configuration is not something that's supported by IP, and that VPN implementations that cause MTU blackholes are quite simply buggy. (There's an argument to be made that IPv6 should support variable MTU links. Good luck pushing this idea at the IETF, which, of late, appers to be mostly interested in breaking the e2e principle and proxying everything at the application layer. Sorry for the rant.) Of course, in practice misconfiguration happens, and so it's a good thing to be able to be able to automatically detect misconfiguration and discard the link. It would be even better to be able to notify the network administrator of the issue, but that would be a little more work than I'm willing to do right now. (For example, we could send Hellos in a small packets, in order to discover neighbours, and then send a small number of Ack Requests padded to MTU to every discovered neighbour. If a neighbour never answers the Ack Request, then it's fairly strong evidence that there's something wrong.) -- Juliusz _______________________________________________ Babel-users mailing list Babel-users@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users