Just to mention but when you have pmtu occuring in a vpn context, you
have a problem if the lower mtu is in the tunneled packet path:
the icmp will be sent to the originator of the
encapsulated packet which is the vpn box which itself cant send it back
to the client and so pmtu is borken. In
Stripping the DF Bit should be enough to solve this problem... as the
routers will then fragment the packets as required.
Or have I missed something?
Andrew
On 22.06.2004, at 09:54, Jean-Francois Dive wrote:
Just to mention but when you have pmtu occuring in a vpn context, you
have a problem if
Just to mention but when you have pmtu occuring in a vpn context, you
have a problem if the lower mtu is in the tunneled packet path:
the icmp will be sent to the originator of the
encapsulated packet which is the vpn box which itself cant send it back
to the client and so pmtu is borken. In
Stripping the DF Bit should be enough to solve this problem... as the
routers will then fragment the packets as required.
Or have I missed something?
Andrew
On 22.06.2004, at 09:54, Jean-Francois Dive wrote:
Just to mention but when you have pmtu occuring in a vpn context, you
have a problem if
Help!
I can't find it How do I turn off the 'Don't Fragment' bit? without
using IP Tables/ Chains? Is there a proc setting? or do I need to
re-compile ther Kernel? and if so, where is the jumper?
Thanks
Andrew
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe.
On June 21, 2004 07:36 am, Andrew Miehs wrote:
I can't find it How do I turn off the 'Don't Fragment' bit? without
using IP Tables/ Chains? Is there a proc setting? or do I need to
re-compile ther Kernel? and if so, where is the jumper?
You're probably looking for
Hi!
I had a similar Problem with a tunnel - I solved it by setting the MTU
of the interface lower. The PMTU discovery didn't work in my case.
rgds,
j
Andrew Miehs wrote:
Hi Fraser,
tried that... But that seemed just to disable PMTU Discovery, and not
disbale the 'DF' bit... (After the traffic
On June 21, 2004 09:50 am, Andrew Miehs wrote:
tried that... But that seemed just to disable PMTU Discovery, and not
disbale the 'DF' bit... (After the traffic between myself and the server
via a CIPE tunnel stopped working when the packets got tooo large)
- Or is there a bug in packet
Will have to try it again...
The reason why Path MTU doesn't work, is that our F5s (BigIPs) seem to
have a broken implementation of NATing ICMP PMTU packets (at least when
using Aggregate ALL - OncConnect or SNAT)
Andrew
My bet would be that someone is blocking icmp messages (you, your
Help!
I can't find it How do I turn off the 'Don't Fragment' bit? without
using IP Tables/ Chains? Is there a proc setting? or do I need to
re-compile ther Kernel? and if so, where is the jumper?
Thanks
Andrew
On June 21, 2004 07:36 am, Andrew Miehs wrote:
I can't find it How do I turn off the 'Don't Fragment' bit? without
using IP Tables/ Chains? Is there a proc setting? or do I need to
re-compile ther Kernel? and if so, where is the jumper?
You're probably looking for
Hi Fraser,
tried that... But that seemed just to disable PMTU Discovery, and not
disbale the 'DF' bit... (After the traffic between myself and the server
via a CIPE tunnel stopped working when the packets got tooo large)
- Or is there a bug in packet fragmentation in the linux kernel?
Regards
Hi!
I had a similar Problem with a tunnel - I solved it by setting the MTU
of the interface lower. The PMTU discovery didn't work in my case.
rgds,
j
Andrew Miehs wrote:
Hi Fraser,
tried that... But that seemed just to disable PMTU Discovery, and not
disbale the 'DF' bit... (After the traffic
On June 21, 2004 09:50 am, Andrew Miehs wrote:
tried that... But that seemed just to disable PMTU Discovery, and not
disbale the 'DF' bit... (After the traffic between myself and the server
via a CIPE tunnel stopped working when the packets got tooo large)
- Or is there a bug in packet
Will have to try it again...
The reason why Path MTU doesn't work, is that our F5s (BigIPs) seem to
have a broken implementation of NATing ICMP PMTU packets (at least when
using Aggregate ALL - OncConnect or SNAT)
Andrew
My bet would be that someone is blocking icmp messages (you, your
15 matches
Mail list logo
