Hi folks
As the subject suggests, this is a bit off topic, but as a LEAF system
is involved please excuse me.
I am baffled by the behaviour of a M$ application (IIS) on a customer
network.
This network is a hub and spoke structure built with Bering glibc
routers. Some of the locations use DSL, others cable modem. The spokes
are IPSEc connections to the hub network. In The hub network there is a
IIS server with a WEB application.
A client system on one of the client networks requests a page (or rather
a web based application) on the server. I can observe the normal packet
flow between client and server until....the server tries to send a
packet of size 1452 bytes to the client (with DF bit set). I _believe_
IPSEC decides that this packet is too large to be passed to the other
side so the Bering system sends an ICMP fragmentation needed package to
the server with a size proposal of 1319 bytes.
I would expect the server to reduce the packet size accordingly but
helas it does not. Am I just naive to expect M$ to follow or is it
compulsory only to respect ICMP?
Thanks
Erich
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
