Here's a little dos-based utility to see what the largest supported MTU is.
http://www.elifulkerson.com/projects/mturoute.php usage is 'mturoute.exe -t <target_ip>' (Assuming you're not blocking ICMP) :) Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 [email protected] -----Original Message----- From: Matlock, Kenneth L Sent: Wednesday, March 24, 2010 10:29 AM To: 'Marko Milivojevic'; Matlock, Kenneth L Cc: Saif Bin Ilyas; [email protected] Subject: RE: [OSL | CCIE_RS] CCIE_RS Digest, Vol 50, Issue 136 Oh, I COMPLETELY agree. I was only stating what needed to be enabled for a Vista/Windows 7 machine to discover the MTU to use. In theory yes it's a great idea, but like Marko says, WAY too many places block ICMP for it to be useful :( *Usually* an MTU of 1500 to the general internet works. I'd check to make sure everything between the user and your handoff to the network supports at least 1500. Ken Matlock Network Analyst Exempla Healthcare (303) 467-4671 [email protected] -----Original Message----- From: Marko Milivojevic [mailto:[email protected]] Sent: Wednesday, March 24, 2010 10:25 AM To: Matlock, Kenneth L Cc: Saif Bin Ilyas; [email protected] Subject: Re: [OSL | CCIE_RS] CCIE_RS Digest, Vol 50, Issue 136 On Wed, Mar 24, 2010 at 16:21, Matlock, Kenneth L <[email protected]> wrote: > > Basically ICMP needs to be enabled end-to-end for something called PMTUD > (Path MTU Discovery) to work properly. PMTUD is needed to figure out the > proper MTU, but requires end-to-end ICMP connectivity. [instructor hat off] [old ISP engineer hat on] PMTUD doesn't work. It's broken. Because of clueless security paranoid people who think "all ICMP = bad" and configure their firewalls as such. Being an ISP and relying that PMTUD will work for your customers is like being French and relying that Marginot line will hold off Germans in 1939. It did. For exaclty 30 seconds it took them to knock on the back door and say "surrender". [old ISP engineer hat off] [instructor hat on] -- Marko Milivojevic - CCIE #18427 Senior Technical Instructor - IPexpert YES! We include 400 hours of REAL rack time with our Blended Learning Solution! Mailto: [email protected] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Web: http://www.ipexpert.com/ _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
