On Mon, 2 Feb 1998 14:22:37 +0200 
 Jukka Marin <jmarin@pyy.jmp.fi> wrote:

 > They allowed ICMP through their firewall and now the mail message got
 > through.
 > 
 > I still don't understand why they try to send packets of 1460 bytes with DF
 > set..

Path MTU Discovery.  Basically, the packet goes out with DF set, and when
it gets a message back that fragmentation is needed, it lowers the segment
size and retries the TCP segment.

 > BTW, what's the basic idea of DF, anyway?  The fragmented packets will be
 > reassembled at the receiving end, so why not allow fragmenting and let the
 > routers do what they have to? :-)  (A stupid question probably, but it had
 > to be asked.. ;)  Sure, it may affect performance with high packet losses,
 > but..

If you're doing TCP, you want the IP datagrams to be received "atomically"
at the other end.  If the IP datagram is fragment, and you lose only one
of those fragments, you have to retransmit the entire TCP segment, which
is a lose in terms of performance, and a waste of bandwidth.

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                            Home: +1 408 866 1912
NAS: M/S 258-5                                       Work: +1 650 604 0935
Moffett Field, CA 94035                             Pager: +1 415 428 6939