North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: 92 Byte ICMP Blocking Problem
In message <[email protected]>, Chris Adams writes: > >Once upon a time, Richard J.Sears <[email protected]> said: >> Since then, we have been hammered with customer complaints concerning >> the inability to talk to mail servers and ssh to their servers, as well >> as other weird network issues, all centering around the time we started >> blocking 92 Byte ICMP packets. >> >> Has anyone else seen this, and if so, is the only resolution to stop the >> blockage of 92 Byte ICMP Packets..? > >Yes. As soon as we put the policy route map in place, we had some >people unable to talk via SSH, SMTP, or POP3. It was random: one person >here in the office couldn't SSH to a particular server. He could SSH to >other servers, and the rest of us could SSH to the server he could not. >We had similar experiences with SMTP and POP3. When we took the policy >route map back out, the problems went away. > >This is with IOS 12.0(25)S1 on a 7513 doing dCEF. We put the policy >route map on the FE interface linking this router to the POP core >router; this router has MC-T3 interfaces and ethernets to Ascend TNTs >and such. The intent was to stop the 92 byte ICMP echos from reaching >the Ascend TNTs, since several of them were rebooting constantly. I wonder if it's a Path MTU problem. Can you turn off Path MTU on some of the affected hosts and see if it solves the problem? --Steve Bellovin, http://www.research.att.com/~smb
|