[AusNOG] Best Practice for IPv4 PMTU discovery?
Paul Gear
ausnog at libertysys.com.au
Tue Feb 11 15:34:01 EST 2014
Hi all,
I'm wondering if anyone can point me to an reference on best practices
for IPv4 PMTU discovery.
I thought the consensus nowadays was that ICMP implementations are good
enough to be confident in allowing type 3 to one's firewalls to allow
for correct interpretation of incoming type 3 code 4, but I'm running
into a lot of large, well-known corporates that don't seem to do this,
and this is breaking their incoming email delivery to us (they get past
the HELO, MAIL, and RCPT, fine, but hang on DATA when we send them the
fragmentation needed packet). Some of them seem to run Check Point
firewalls, which leads me to wonder if they're running a buggy version [1].
Google searches have returned only hits which reinforce my current
understanding [2][3][4][5]. Your collective wisdom on the point would
appreciated.
Thanks in advance,
Paul
[1]
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96124
[2] http://en.wikipedia.org/wiki/PMTUD
[3] http://wiki.nil.com/Path_MTU_Discovery
[4] http://stack.nil.com/ipcorner/IP_Fragmentation/
[5]
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
More information about the AusNOG
mailing list