Re: [CentOS] Re: Sendmail and pmtu discovery
Scott Silva wrote:
> on 10-14-2008 6:24 AM Ralph Angenendt spake the following:
>> So you basically broke your internet connection because of stupid customers?
>>
>> No, there isn't anything you can do on your side - especially if you don't know how large their MTU is set (which you cannot discover, as they forbid you to do so). So you can only hope that you get exactly the same MTU as they have (and that there is nothing in between which has a lower MTU).
>>
>> It is their problem. If they don't want to play by the rules, they should have to sit out the problems they themselves created.
>
> Sometimes you can't be so hard headed when you are dealing with customers. You usually are trying to get them to give money to YOU, not your competitor. If I told my customers that It is your problem, I would no longer have customers to worry about!

But your competitor wouldn't be able to send them mails either :)

As said, they deliberately broke their internet connection, so there isn't much you can do except setting your MTU to an extremely low value and hope that there's nothing in between which has an even lower MTU.

So your best choice would be to do some consulting and give them some advice on what they did wrong and how they can selectively block ICMP types (for example redirect and such).

Cheers,

Ralph

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Sendmail and pmtu discovery
Ralph Angenendt wrote:
> As said, they deliberately broke their internet connection, so there isn't much you can do except setting your MTU to an extremely low value and hope that there's nothing in between which has an even lower MTU.

It doesn't have to be extremely low, it just has to be low enough. The usual reason for needing to be less than the 1500 bytes permitted by ethernet would be using some sort of tunnel protocol for PPPoE or a VPN. 1460 might keep everybody happy.

--
Les Mikesell
Re: [CentOS] Re: Sendmail and pmtu discovery
Thanks for the information. If I understand this correctly, the client would have to convince the owner of each and every router hop along the way to disable PMTU discovery if he insists on dropping all ICMP packets?

And Scott hit the nail on the head with this comment:

> Sometimes you can't be so hard headed when you are dealing with customers. You usually are trying to get them to give money to YOU, not your competitor. If I told my customers that It is your problem, I would no longer have customers to worry about!

If you've ever dealt with one of these paranoid Mordac-type security managers you know exactly what I'm talking about. In our case the path of least resistance was to disable pmtu discovery, and tell the customer that we've done all we possibly can to alleviate the issue on our end. Hopefully they come to their senses and allow ICMP packets like every major ISP and mail provider on the Internet.
Re: [CentOS] Re: Sendmail and pmtu discovery
Les Mikesell wrote:
> Ralph Angenendt wrote:
>> As said, they deliberately broke their internet connection, so there isn't much you can do except setting your MTU to an extremely low value and hope that there's nothing in between which has an even lower MTU.
>
> It doesn't have to be extremely low, it just has to be low enough. The usual reason for needing to be less than the 1500 bytes permitted by ethernet would be using some sort of tunnel protocol for PPPoE or a VPN. 1460 might keep everybody happy.

Might being the operative word here, yes.

Ralph
Re: [CentOS] Re: Sendmail and pmtu discovery
On Oct 14, 2008, at 1:59 PM, Sean Carolan wrote:
> If you've ever dealt with one of these paranoid Mordac-type security managers you know exactly what I'm talking about. In our case the path of least resistance was to disable pmtu discovery, and tell the customer that we've done all we possibly can to alleviate the issue on our end. Hopefully they come to their senses and allow ICMP packets like every major ISP and mail provider on the Internet.

Yes, but then you have broken your equipment, and possibly lost the ability to communicate with many more customers.

Yes, I've dealt with these people. If they turn off all ICMP, they often drop fragments as well, making the problem even worse. You can sometimes get them to listen by asking them if their Internet access seems a little weird in that some sites work sometimes or downloads are slow or they can't get some email :-) They'll usually say yes and then you might be able to get them to listen, and hopefully send them a bill.

--Chris
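
The failure modes discussed in this thread, modelled side by side as an added example that is not part of any poster's message: filtering only selected ICMP types, dropping all ICMP, lowering the local MTU to 1460, and disabling PMTU discovery with and without fragments being dropped. The link MTUs of the two paths (1492 and 1400) and all function names are assumptions chosen for illustration.

```python
# Added example: a constructed model, not real packet handling.
ICMP_DEST_UNREACH = 3  # carries "fragmentation needed" (code 4), which PMTUD relies on
ICMP_REDIRECT = 5      # a type that can be filtered without affecting PMTUD

def icmp_passes(policy, icmp_type):
    """policy is "all" (drop every ICMP message) or a set of ICMP types to drop."""
    return policy != "all" and icmp_type not in policy

def send(size, link_mtus, policy, df, frags_dropped):
    """Push one packet along the path; returns (outcome, mtu_hint)."""
    for mtu in link_mtus:
        if size <= mtu:
            continue
        if df:  # DF set: the router discards the packet and reports its MTU
            if icmp_passes(policy, ICMP_DEST_UNREACH):
                return "icmp", mtu
            return "lost", None  # the report is filtered, the sender learns nothing
        # DF clear: the router fragments; delivery depends on fragments surviving
        return ("lost", None) if frags_dropped else ("delivered", None)
    return "delivered", None

def transfer(local_mtu, link_mtus, policy, pmtud=True, frags_dropped=False):
    """Return the packet size that got through, or None for a silent black hole."""
    size = local_mtu
    while True:
        outcome, hint = send(size, link_mtus, policy, pmtud, frags_dropped)
        if outcome == "delivered":
            return size
        if outcome == "lost":
            return None
        size = hint  # PMTUD working: retry at the MTU the router reported

# Constructed paths: link MTUs in bytes, hop by hop.
PPPOE_PATH = [1500, 1492, 1500]
TUNNEL_PATH = [1500, 1400, 1500]

def scenarios():
    return {
        "selective filter (redirects only)": transfer(1500, PPPOE_PATH, {ICMP_REDIRECT}),
        "all ICMP dropped": transfer(1500, PPPOE_PATH, "all"),
        "all dropped, local MTU 1460": transfer(1460, PPPOE_PATH, "all"),
        "all dropped, MTU 1460, smaller tunnel": transfer(1460, TUNNEL_PATH, "all"),
        "all dropped, PMTUD off": transfer(1500, PPPOE_PATH, "all", pmtud=False),
        "PMTUD off, fragments dropped": transfer(1500, PPPOE_PATH, "all", pmtud=False, frags_dropped=True),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result if result is not None else 'black hole'}")
```
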