[AusNOG] PMTUD was -> RE: GRE Tunnel MTU suggestions
Paul Gear
ausnog at libertysys.com.au
Thu Jul 3 22:49:57 EST 2014
On 07/03/2014 09:38 AM, Mark Andrews wrote:
> In message <53B479A7.20203 at libertysys.com.au>, Paul Gear writes:
>> On 07/02/2014 09:55 AM, Alex Samad - Yieldbroker wrote:
>>> ...
>>> {snip}
>>>> PMTUD is better to use, MSS adjusting is a TCP specific hack. Don't switch it
>>>> on unless you need to because PMTUD is broken.
>>>
>>> How broken is PMTUD now, I remember back in the day diagnosing a lot of DSL
>>> connections that failed because of this.
>>
>> After my experiences earlier in the year [1], I came to the conclusion
>> that PMTUD is always broken, and turned on TCP MSS clamping on all our
>> edge routers.
>
> PMTUD stays broken because people turn on TCP MSS clamping. TCP MSS clamping
> is a gross hack that I wish was never invented. Firewalls are overused and
> rarely configured correctly.

Hi Mark,

Unfortunately, when government departments, banks, and large corporate
outsourcing companies fail to implement appropriate rules in their
firewalls, we get the blame because they can't email us. When the
choice became one between getting our staff productive and forcing
larger networks than ours to change their firewall policies, I chose to
implement TCP MSS clamping and get back to more productive activities.

If you have a reliable method for fixing this at layer 8, I would be
happy to provide you with a list of the ASNs and IP addresses of the
offenders so that you can help them fix their firewalls.

Regards,
Paul