On 06/21/2016 07:37 AM, Nick Cutting wrote:
> We have a few providers in HK who deliver our public /24's via a /30 RFC 1918
> Address.
>
> I'm not 100 percent sure how it breaks the path discovery, I would love to test
> this too, as we have a few of these setups in place.

The issue is that many routers, when the need arises to fragment packets, will send back an icmp 'fragmentation needed' message, *from the source ip address of the interface that was traversed*. So, if you have a p2p link with your end being 192.168.1.1, your router may very well send the packet with that ip. And, many providers filter packets with rfc1918 addresses inbound and outbound, meaning that the likelihood of the icmp message reaching the initiator of the flow in the first place is low to zero. It's a devil of a problem to diagnose, but it's real, and for that reason I recommend making sure your gear can source these with a valid ip instead.

Mike-
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
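
Added example, not part of the original post: a Python check that parses raw IPv4 packets, picks out ICMP 'fragmentation needed' messages (type 3, code 4) and flags those sourced from RFC 1918 space, which are the ones a provider's filter would drop. The packet builder and all addresses other than 192.168.1.1 are constructed sample data (documentation ranges), and the helper names are hypothetical.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header, DF set, checksum left 0 (constructed sample only).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       64, proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def frag_needed(router_src, flow_src, flow_dst, mtu):
    # ICMP type 3 code 4: 2 unused bytes, next-hop MTU, then the original
    # IP header plus the first 8 bytes of its payload.
    inner = ipv4_header(flow_src, flow_dst, 6, 8) + b"\x00" * 8
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    return ipv4_header(router_src, flow_src, 1, len(icmp)) + icmp

def classify(packet):
    """Return None unless packet is ICMP frag-needed, else a dict describing it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None
    icmp_type, icmp_code, _csum, _unused, mtu = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, icmp_code) != (3, 4):
        return None
    src = ipaddress.ip_address(packet[12:16])
    inner = packet[ihl + 8:]
    flow = None
    if len(inner) >= 20:  # embedded header names the flow whose PMTUD depends on this
        flow = (str(ipaddress.ip_address(inner[12:16])),
                str(ipaddress.ip_address(inner[16:20])))
    return {"icmp_src": str(src), "next_hop_mtu": mtu, "flow": flow,
            "rfc1918_src": any(src in net for net in RFC1918)}

def at_risk(packets):
    # Frag-needed messages that an RFC 1918 source filter would discard.
    hits = (classify(p) for p in packets)
    return [h for h in hits if h and h["rfc1918_src"]]

if __name__ == "__main__":
    capture = [frag_needed("192.168.1.1", "203.0.113.10", "192.0.2.80", 1476),
               frag_needed("198.51.100.1", "203.0.113.10", "192.0.2.80", 1476)]
    for hit in at_risk(capture):
        print(hit)
```

Run against packets captured on the customer side of the p2p link, any hit means the sender identified in `flow` will only learn the smaller MTU if no filter on the return path drops RFC 1918 sources.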
