Subject: Re: DF strikes again
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 03/16/2001 09:02:50
moved to tech-net.
> > Then how do you correct a situation where MTU is too small and some remote
> > site is doing PMTU discovery _and_ blocking ICMP packets? Yes, the problem
> > should be fixed at the remote site, but what if you NEED to use that site
> > and they do NOT fix the problem?
>The correct solution is to fix the broken firewall.
>But, failing that, the endpoints should do something called "Black Hole
>Discovery", which detects ICMP black-holes and works around the braindamage
>in some way.
in this situation, i guess blackhole discovery has to be implemented
at the remote webserver, not my client side.
(or is it possible for my http client to run tricks?)
web server in remote
broken firewall that filters all icmp |
| | large packet with DF=1 stuck
router v here
| path with smaller MTU