[AusNOG] Best Practice for IPv4 PMTU discovery?

Paul Gear ausnog at libertysys.com.au
Tue Feb 11 15:34:01 EST 2014


Hi all,

I'm wondering if anyone can point me to an reference on best practices 
for IPv4 PMTU discovery.

I thought the consensus nowadays was that ICMP implementations are good 
enough to be confident in allowing type 3 to one's firewalls to allow 
for correct interpretation of incoming type 3 code 4, but I'm running 
into a lot of large, well-known corporates that don't seem to do this, 
and this is breaking their incoming email delivery to us (they get past 
the HELO, MAIL, and RCPT, fine, but hang on DATA when we send them the 
fragmentation needed packet).  Some of them seem to run Check Point 
firewalls, which leads me to wonder if they're running a buggy version [1].

Google searches have returned only hits which reinforce my current 
understanding [2][3][4][5].  Your collective wisdom on the point would 
appreciated.

Thanks in advance,
Paul

[1] 
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96124
[2] http://en.wikipedia.org/wiki/PMTUD
[3] http://wiki.nil.com/Path_MTU_Discovery
[4] http://stack.nil.com/ipcorner/IP_Fragmentation/
[5] 
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml



More information about the AusNOG mailing list