North American Network Operators Group


Re: PMTU and Broken Servers

  • From: Dalvenjah FoxFire
  • Date: Fri May 09 12:39:38 2003

>>>>> "bicknell" == Leo Bicknell <[email protected]> writes:

    bicknell> This is a new problem to me, but I'm sure people have
    bicknell> run into it before.  Are the servers really that broken
    bicknell> (PMTU enabled, ICMP Can't Fragment filtered)?  Does the
    bicknell> head end box of DSL services generally do something to
    bicknell> work around this (ie, clear the DF bit)?  Am I just
    bicknell> being an idiot and missing something obvious?

I first saw this about four years ago with a web site running behind
a load balancing device. It was -- and probably still is -- another
issue of default configuration hell. The web servers were configured
by default to do Path MTU discovery, while the load balancer had
no concept of passing the ICMP Need Fragment packet back to the
appropriate server.

(There may still be no good way to do this; if I remember right,
the ICMP Need Fragment packet contains only IPs and not ports;
the host sending the ICMP packet will be using its IP and the outside
IP of the load balancer, giving the load balancer no good way to
determine where to pass the ICMP packet, unless the load balancer
is guaranteeing that all data from a particular IP goes to a particular
server -- also not a default configuration.)

It's a hard call for which to make the default; PMTU makes sense,
obviously, unless you're running behind a load balancer. It's another
one of those things that probably isn't documented anywhere, or if it is,
it's buried in an appendix that nobody gets to.

The only solution is to mail the folks maintaining the web sites you
can't get to with a short explanation of what you think the problem is,
and hope they look into it and fix it. Not unlike smurf relays and
networks that don't filter outgoing source addresses. }:>

-dalvenjah

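An added example, not part of the post above: per RFC 792 an ICMP "fragmentation needed and DF set" message (type 3, code 4) quotes the inner IP header plus the first 8 bytes of the original datagram, which for TCP is both port numbers and the sequence number, and RFC 1191 puts the next-hop MTU in the second unused word. The parser below pulls those fields out, and `pick_backend` shows the per-flow lookup a load balancer would need to hand the message to the right server; the state table, addresses and ports are constructed, not from any real device.

```python
import socket
import struct

def build_frag_needed(router_ip, lb_ip, inner_src, inner_dst, sport, dport, seq, mtu):
    """Constructed sample of a type 3 / code 4 message as a router would emit it."""
    # Quoted IPv4 header of the too-big packet: DF flag set, protocol 6 (TCP).
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                           socket.inet_aton(inner_src), socket.inet_aton(inner_dst))
    # RFC 792 quotes only the first 8 bytes of the original L4 payload:
    # for TCP that is source port, destination port and sequence number.
    inner_l4 = struct.pack("!HHI", sport, dport, seq)
    # ICMP header: type, code, checksum (left zero here), unused, next-hop MTU.
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner_ip + inner_l4
    outer_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64, 1, 0,
                           socket.inet_aton(router_ip), socket.inet_aton(lb_ip))
    return outer_ip + icmp

def parse_frag_needed(pkt):
    """Return next-hop MTU and the quoted flow, or None if not type 3 / code 4."""
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    itype, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if itype != 3 or code != 4:
        return None
    inner = icmp[8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    # Ports are present because the quoted 8 bytes start with the TCP header.
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {"mtu": mtu, "proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport}

def pick_backend(info, conn_table):
    """Hypothetical load-balancer lookup: conn_table is keyed by
    (client_ip, client_port, vip, vport) and maps to the chosen server."""
    # The quoted packet was server->client, so the client is the inner destination.
    key = (info["dst"], info["dport"], info["src"], info["sport"])
    return conn_table.get(key)
```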