[AusNOG] MTU debugging? (Or possibly just a fault with Amazon SES?)

Jeremy Visser jeremy at sunriseroad.net
Wed Jun 3 19:23:20 EST 2015


On 03/06/15 17:03, Paul Wilkins wrote:
> I wonder if Amazon are not RFC 791 compliant, because 'This usually
> signifies an MTU misconfiguration on the remote end, we cannot help
> with this' suggests a problem with packets dropping when oversize,
> rather than fragmenting?

Most hosts speaking TCP set the DF (Don’t Fragment) bit, thereby encouraging MTU boundaries to send ICMP fragmentation reports.  (Feature, not a bug.)

The alternative is to speak TCP without the DF bit set, thereby causing fragmentation at an MTU boundary, leading to worse efficiency.

Both situations suck, because both ICMP and fragmented packets are subject to senseless amounts of filtering by uninformed admins.

In IPv6, fragmentation is end-to-end, making it even more crucially important for intermediate hops to not block vital ICMP messages.  (Dear Internet: ICMP is not optional.)
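Added illustration, not part of the original message: a Python sketch that decodes the two things discussed above, the DF bit in an IPv4 header and the ICMP "fragmentation needed" report (type 3, code 4) carrying the RFC 1191 next-hop MTU. The sample packets, addresses and helper names are constructed for this example, and checksums are not verified.

```python
import socket
import struct

DF, MF = 0x4000, 0x2000  # flag bits in the IPv4 flags/fragment-offset field

def ipv4_header(src, dst, proto, payload_len, df):
    """Build a 20-byte IPv4 header for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       DF if df else 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Decode the fields relevant to fragmentation from an IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    return {"ihl": ihl, "total_len": total_len, "proto": pkt[9],
            "df": bool(flags_frag & DF), "mf": bool(flags_frag & MF),
            "frag_offset": flags_frag & 0x1FFF,
            "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20])}

def parse_frag_needed(pkt):
    """Return path-MTU details if pkt is ICMP type 3 code 4, else None."""
    ip = parse_ipv4(pkt)
    icmp = pkt[ip["ihl"]:]
    if ip["proto"] != 1 or len(icmp) < 8:
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = parse_ipv4(icmp[8:])  # header of the packet that did not fit
    return {"reporter": ip["src"], "orig_dst": inner["dst"],
            "orig_len": inner["total_len"], "orig_df": inner["df"],
            # Routers predating RFC 1191 leave this field zero: MTU unknown.
            "next_hop_mtu": mtu or None}

def make_report(mtu):
    """Constructed sample: a router rejects a 1500-byte DF-marked TCP packet."""
    orig = ipv4_header("192.0.2.10", "198.51.100.25", 6, 1480, df=True)
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + orig + b"\x00" * 8
    return ipv4_header("203.0.113.1", "192.0.2.10", 1, len(body), df=False) + body

if __name__ == "__main__":
    print(parse_frag_needed(make_report(1492)))
    print(parse_frag_needed(make_report(0)))
```

If a filter drops the report that `parse_frag_needed` decodes, the sender never learns the smaller MTU and keeps retransmitting the same oversize DF-marked packet.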

