Subject: Re: gsip sends byte-swapped vlan tags
From: Christos Zoulas <>
List: tech-net
Date: 01/26/2006 20:53:09

In article <200601261615.LAA28076@Sparkle.Rodents.Montreal.QC.CA>,
der Mouse  <mouse@Rodents.Montreal.QC.CA> wrote:
>>>> Bugs have to be fixed, not worked around by disabling a feature.
>>> I agree.  But then why do we support MSS clamping?
>> Because we cannot make Verizon stop using PPPoE :-)
>PPPoE is not the problem either; it merely is the commonest cause of
>setups which expose the problem.  Making Verizon stop using PPPoE would
>just be another workaround.
>The real problem is on the other end: hosts which try to do PMTU-D, but
>are behind boxes (usually misconfigured firewalls) which drop the ICMPs
>necessary for PMTU-D to function.

It is not just misconfigured firewalls. Even if you have PMTU-D, things
get interesting if you try to do IPSEC over such a link and NAT... I've
gotten things to work, but only with MSS clamping. Otherwise my Windows
boxes behind the NAT/IPSEC NetBSD gateway silently drop packets in a
specific size range... Try it. It could be a bug in the NetBSD fragmentation
code or something else. I don't know.