On Wed, Dec 10, 2003 at 03:43:59PM -0500, Joe Maimon wrote:
>
> Packets are fragmented into equally sized units to prevent further
> downstream fragmentation.
For amusement's sake, in response to a challenge from Crist Clark,
here's code to do it right. Pretty simple, although I have no idea
ho
Joe Maimon wrote:
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn <[EMAIL PROTECTED]>
wrote:
I was
wondering would it not be wiser for fraggers to frag in half instead
of just the overflow?
I noticed today this URL
http://www.cisco.com/en/US/products/sw/iosswr
>Is there any discussion on better alternatives to PMTUD such as leaving
>off DF and a new ICMP subtype, rate limited, to inform senders that
>they've been fragged and at what (call it reverse PMTUD?) ?
There is a better alternative that is already used in production.
When a router receives pac
On Thu, 04 Dec 2003 17:22:23 PST, Crist Clark said:
> Excerise for the reader:
>
> Devise an algorthm that will take an arbitrarily sized packet 20-65535
> octets and an arbitrarily sized MTU, > 576 octets, and split the
> packet into the minimum number of "n" fragments where each fragment is
>
Laurence F. Sheldon, Jr. wrote:
Crist Clark wrote:
Joe Maimon wrote:
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn <[EMAIL PROTECTED]> wrote:
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my exampl
Crist Clark wrote:
>
> Joe Maimon wrote:
> >
> > Tony Rall wrote:
> >
> > >On Wednesday, 2003-12-03 at 09:38 PST, David Sinn <[EMAIL PROTECTED]> wrote:
> > >
> >
> >
> > >(And note that frag 1 often is not the first fragment to arrive at
> > >downstream nodes. In my example in (1), frequently f
Crist Clark wrote:
Joe Maimon wrote:
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn <[EMAIL PROTECTED]> wrote:
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my example in (1), frequently frag 2 will reach
pl
[EMAIL PROTECTED] wrote:
On Thu, 04 Dec 2003 18:03:38 EST, Barney Wolff said:
That's not how PMTUD works. If DF is set, you discard the packet and
report back with ICMP. If DF is not set, you frag the packet - but
that's not PMTUD, because no report ever goes back to the sender.
Oh, s
Joe Maimon wrote:
>
> Tony Rall wrote:
>
> >On Wednesday, 2003-12-03 at 09:38 PST, David Sinn <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> >
>
>
> >(And note that frag 1 often is not the first fragment to arrive at
> >downstream nodes. In my example in (1), frequently frag 2 will reach
> >places
On Thu, 04 Dec 2003 18:03:38 EST, Barney Wolff said:
> That's not how PMTUD works. If DF is set, you discard the packet and
> report back with ICMP. If DF is not set, you frag the packet - but
> that's not PMTUD, because no report ever goes back to the sender.
Oh, so we compute ONE number if DF
Barney Wolff wrote:
On Thu, Dec 04, 2003 at 05:54:42PM -0500, [EMAIL PROTECTED] wrote:
On Thu, 04 Dec 2003 16:40:45 EST, Joe Maimon <[EMAIL PROTECTED]> said:
I was wondering would it not be wiser for fraggers to frag in half
instead of just the overflow?
There's 2 cases here:
1
On Thu, Dec 04, 2003 at 05:54:42PM -0500, [EMAIL PROTECTED] wrote:
> On Thu, 04 Dec 2003 16:40:45 EST, Joe Maimon <[EMAIL PROTECTED]> said:
> > I was wondering would it not be wiser for fraggers to frag in half
> > instead of just the overflow?
>
> There's 2 cases here:
>
> 1) This is the fina
On Thu, 04 Dec 2003 16:40:45 EST, Joe Maimon <[EMAIL PROTECTED]> said:
> I agree with all I have snipped.
> I was wondering would it not be wiser for fraggers to frag in half
> instead of just the overflow?
There's 2 cases here:
1) This is the final frag on the path - if PMTUD is in use, we wa
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn <[EMAIL PROTECTED]> wrote:
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my example in (1), frequently frag 2 will reach
places before frag 1 does (if any router along the path
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn <[EMAIL PROTECTED]> wrote:
> Given the nastiness of ICMP DDoS attacks of late, it might be better to
hit
> the server and client admin's with the clue bat about not using PMTU
> discovery (which also extends to the writers of the App's and OS's).
Title: RE: MTU path discovery and IPSec
> On Wed, 03 Dec 2003 16:05:39 GMT, [EMAIL PROTECTED] said:
>
> > 1) I assume MTU path discovery has to been in enabled on
> each router in the path in order for it work correctly?!
>
> Actually, no. All that's required i
--On Wednesday, December 3, 2003 11:39 AM -0500 [EMAIL PROTECTED]
wrote:
On Wed, 03 Dec 2003 16:05:39 GMT, [EMAIL PROTECTED] said:
1) I assume MTU path discovery has to been in enabled on each router in
the path in order for it work correctly?!
Actually, no. All that's required is that:
a)
> Chris Proctor
> EPIK Communications
>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Wednesday, December 03, 2003 11:39 AM
>> To: [EMAIL PROTECTED]
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: MTU path discover
at the firewall.
Chris Proctor
EPIK Communications
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 03, 2003 11:39 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: MTU path discovery and IPSec
>
>
On Wed, 03 Dec 2003 16:05:39 GMT, [EMAIL PROTECTED] said:
> 1) I assume MTU path discovery has to been in enabled on each router in the path in
> order for it work correctly?!
Actually, no. All that's required is that:
a) The router handle the case of a too-large packet with the DF bit set by
A subtle correction...
A router where all MTUs are the same will never have to fragement
anything. A router where all MTUs are >=1500 will probably not
need to fragment anything. However, it is possible to attach
a host via GIG-E or other media which supports jumbo frames
(Frame relay, for examp
In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes:
>
>Two questions:
>
>1) I assume MTU path discovery has to been in enabled on each router in the pa
>th in order for it work correctly?!
No -- it only has to be enabled on routers with smaller outbound MTUs
than inbound. A router for whi
Two questions:
1) I assume MTU path discovery has to been in enabled on each router in the path in
order for it work correctly?!
2) Anybody use this to solve application issues over an IPSec tunnel to due to large
of a frame?
any help would be great
Thanks
23 matches
Mail list logo