On Wed, Mar 24, 2010 at 16:21, Matlock, Kenneth L <[email protected]> wrote: > > Basically ICMP needs to be enabled end-to-end for something called PMTUD > (Path MTU Discovery) to work properly. PMTUD is needed to figure out the > proper MTU, but requires end-to-end ICMP connectivity.
[instructor hat off] [old ISP engineer hat on] PMTUD doesn't work. It's broken. Because of clueless security paranoid people who think "all ICMP = bad" and configure their firewalls as such. Being an ISP and relying that PMTUD will work for your customers is like being French and relying that Marginot line will hold off Germans in 1939. It did. For exaclty 30 seconds it took them to knock on the back door and say "surrender". [old ISP engineer hat off] [instructor hat on] -- Marko Milivojevic - CCIE #18427 Senior Technical Instructor - IPexpert YES! We include 400 hours of REAL rack time with our Blended Learning Solution! Mailto: [email protected] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Web: http://www.ipexpert.com/ _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
