I do have a public interface on that router, but how do we tell them to use the "Public IP" for ICMP unreachable?

On Tue, Jun 21, 2016 at 3:42 PM, Mike <mike-cisconspl...@tiedyenetworks.com> wrote:
> On 06/21/2016 07:37 AM, Nick Cutting wrote:
>>
>> We have a few providers in HK who deliver our public /24's via a /30 RFC
>> 1918 Address.
>>
>> I'm not 100 percent sure how it breaks the path discovery, I would love to
>> test this too, as we have a few of these setups in place.
>
>
> The issue is that many routers, when the need arises to fragment packets,
> will send back an icmp 'fragmentation needed' message, *from the source ip
> address of the interface that was traversed*. So, if you have a p2p link
> with your end being 192.168.1.1, your router may very well send the packet
> with that ip. And, many providers filter packets with rfc1918 addresses
> inbound and outbound, meaning that the likelihood of the icmp message
> reaching the initiator of the flow in the first place, is low to zero. It's a
> devil of a problem to diagnose, but it's real, and for that reason I
> recommend making sure your gear can source these with a valid ip instead.
>
>
> Mike-
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
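
The failure mode described in the quoted reply can be checked for in captured traffic. The following is an added example, not part of the original thread: it parses a raw IPv4 packet, picks out ICMP "fragmentation needed" (type 3, code 4) messages, and reports whether the source address is RFC 1918 and therefore likely to be dropped by provider filters. The function names and the sample packet are constructed for illustration; 203.0.113.5 and 198.51.100.10 are documentation addresses.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def _ip_header(src, dst, total_len, proto, flags_frag=0):
    """Pack a minimal IPv4 header (checksum left at zero for the sample)."""
    return struct.pack(IP_HDR, 0x45, 0, total_len, 0, flags_frag, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def build_frag_needed(router_src, initiator, next_hop_mtu):
    """Constructed sample: the ICMP error a router sends back to the initiator."""
    # Quoted original packet: initiator -> server, TCP, DF set, plus 8 payload bytes
    quoted = _ip_header(initiator, "198.51.100.10", 1500, 6, 0x4000) + b"\x00" * 8
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    return _ip_header(router_src, initiator, 20 + len(icmp), 1) + icmp

def check_frag_needed(packet):
    """Return details for an ICMP type 3 code 4 packet, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:  # protocol 1 = ICMP
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None
    src = ipaddress.ip_address(packet[12:16])
    return {
        "source": str(src),
        "next_hop_mtu": mtu,
        # True means the message is sourced from private space and is
        # likely to be filtered before it reaches the initiator
        "rfc1918_source": any(src in net for net in RFC1918),
    }

if __name__ == "__main__":
    print(check_frag_needed(build_frag_needed("192.168.1.1", "203.0.113.5", 1400)))
```
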