Subject: Re: gsip sends byte-swapped vlan tags
To: None <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 01/26/2006 20:53:09

In article <200601261615.LAA28076@Sparkle.Rodents.Montreal.QC.CA>,
der Mouse <mouse@Rodents.Montreal.QC.CA> wrote:
>>>> Bugs have to be fixed, not worked around by disabling a feature.
>>> I agree. But then why do we support MSS clamping?
>> Because we cannot make Verizon stop using PPPoE :-)
>PPPoE is not the problem either; it merely is the commonest cause of
>setups which expose the problem. Making Verizon stop using PPPoE would
>just be another workaround.
>The real problem is on the other end: hosts which try to do PMTU-D, but
>are behind boxes (usually misconfigured firewalls) which drop the ICMPs
>necessary for PMTU-D to function.

It is not just misconfigured firewalls. Even if you have PMTU-D, things
get interesting if you try to do IPSEC over such a link and NAT... I've
gotten things to work, but only with MSS clamping. Otherwise my Windows
boxes behind the NAT/IPSEC NetBSD gateway silently drop packets in a
specific size range... Try it. It could be a bug in the NetBSD fragmentation
code or something else. I don't know.
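
The MSS clamping discussed in this thread, as an added example that is not part of the original message and not NetBSD's code: a gateway-side routine that lowers the MSS option in a TCP SYN and patches the checksum incrementally (RFC 1624), so the end hosts never send segments that depend on PMTU-D working. The function names, the 1412-byte limit and the sample SYN are constructed for illustration; the checksum helper skips the pseudo-header, which the rewrite does not change.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Internet checksum over n bytes (pseudo-header omitted: clamping never alters it). */
uint16_t inet_csum(const uint8_t *p, size_t n)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2) sum += (uint32_t)(p[i] << 8 | p[i + 1]);
    if (n & 1) sum += (uint32_t)p[n - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Lower the MSS option of a SYN in place and patch the checksum (RFC 1624, eqn. 3).
 * Returns 1 if rewritten, 0 if left alone, -1 if the option list is malformed. */
int clamp_mss(uint8_t *tcp, size_t len, uint16_t max_mss)
{
    size_t hlen = len < 20 ? 0 : (size_t)(tcp[12] >> 4) * 4;
    if (hlen < 20 || hlen > len) return -1;
    if (!(tcp[13] & 0x02)) return 0;                 /* MSS is only sent on SYN */
    for (size_t i = 20; i < hlen; ) {
        if (tcp[i] == 0) break;                      /* end of option list */
        if (tcp[i] == 1) { i++; continue; }          /* NOP padding */
        if (i + 1 >= hlen || tcp[i + 1] < 2 || i + tcp[i + 1] > hlen) return -1;
        if (tcp[i] != 2) { i += tcp[i + 1]; continue; }
        if (tcp[i + 1] != 4) return -1;              /* MSS option is always 4 bytes */
        uint16_t old = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]), want = max_mss;
        if (old <= max_mss) return 0;                /* already small enough */
        tcp[i + 2] = (uint8_t)(want >> 8); tcp[i + 3] = (uint8_t)want;
        if (i & 1) {                                 /* value straddles two checksum words */
            old = (uint16_t)(old << 8 | old >> 8);
            want = (uint16_t)(want << 8 | want >> 8);
        }
        uint32_t sum = (uint16_t)~(tcp[16] << 8 | tcp[17]) + (uint16_t)~old + want;
        while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
        tcp[16] = (uint8_t)(~sum >> 8); tcp[17] = (uint8_t)~sum;
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed SYN: ports 1024 -> 80, window 65535, MSS 1460. */
    uint8_t syn[24] = {4,0, 0,80, 0,0,0,1, 0,0,0,0, 0x60,0x02, 0xff,0xff, 0,0, 0,0, 2,4,0x05,0xb4};
    uint16_t c = inet_csum(syn, sizeof syn); syn[16] = (uint8_t)(c >> 8); syn[17] = (uint8_t)c;
    int r = clamp_mss(syn, sizeof syn, 1412);
    printf("rewritten=%d mss=%d checksum_ok=%d\n", r, syn[22] << 8 | syn[23], inet_csum(syn, sizeof syn) == 0);
}
```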