Subject: Re: This PMTU thread
To: Charles M. Hannum <root@ihack.net>
From: Marc Slemko <marcs@znep.com>
List: tech-net
Date: 11/22/1998 15:05:29

On Sun, 22 Nov 1998, Charles M. Hannum wrote:

> 
> A couple of things:
> 
> 1) The system which was failing to get packets through due to PMTU
>    discovery was actually the InterNIC endpoint, not the NetBSD
>    endpoint.  Users of InterNIC services obviously have no control
>    over this, except in as much as they can whine at the InterNIC to
>    fix it.

As was suggested, being able to lower the advertised MSS can work around
this issue.  There is only a problem if the MTUs of the interface used at
both endpoints are higher than the PMTU.

> 
>    This issue has been brought up before in other forums.  The correct
>    answer is for the InterNIC to either disable PMTU discovery, or
>    allow ICMP NEEDS FRAGMENT packets through their firewall.  They
>    have yet to do either.

Minor technical distinction: the problem almost certainly isn't their
firewall, but their load balancing box that doesn't rewrite ICMP can't
fragments.

> 
> 2) Fragmenting packets with the `don't fragment' bit set explicitly
>    violates the IP spec.  This is not a reasonable solution.
> 
> Rather than breaking the protocol, perhaps we should be concluding
> that this is just another aspect of the shoddy service we get from the
> InterNIC.

Of course.  But it has long been understood that they are incompetent.  The
only new thing is that they are a lying incompetent organization, not just
incompetent.

So the conclusion to this is:

- implement PMTU-D blackhole detection in NetBSD and make NSI use that.

That is not an immediate solution, but neither is trying to make some
complex scheme where routers have to do all sorts of ugly junk.
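
The following is an added illustration, not part of the original message or of NetBSD's code: a simplified Python model of one sender pushing a full-sized DF segment, showing when lost ICMP "fragmentation needed" replies black-hole the connection, and how a lowered advertised MSS or sender-side blackhole detection gets data through. The function name, the 512-byte fallback and the retry thresholds are assumptions chosen for the model.

```python
HDRS = 40            # IPv4 + TCP header bytes, no options
FALLBACK_MSS = 512   # assumed fallback segment size for the blackhole heuristic

def send_large_segment(sender_mtu, receiver_mtu, path_mtu, icmp_reaches_sender,
                       receiver_mss_clamp=None, blackhole_detection=False,
                       max_retx=6, blackhole_after=3):
    """Model one sender transmitting a full-sized segment with DF set.

    Returns (delivered, final_packet_size, attempts_used).
    """
    # The receiver advertises an MSS derived from its interface MTU,
    # optionally lowered by the administrator (the workaround in the thread).
    adv_mss = receiver_mtu - HDRS
    if receiver_mss_clamp is not None:
        adv_mss = min(adv_mss, receiver_mss_clamp)
    # The sender is bounded by the peer's advertised MSS and its own MTU.
    mss = min(adv_mss, sender_mtu - HDRS)

    for attempt in range(1, max_retx + 1):
        packet = mss + HDRS
        if packet <= path_mtu:
            return True, packet, attempt
        # The narrow hop drops the DF packet and emits ICMP "fragmentation needed".
        if icmp_reaches_sender:
            mss = path_mtu - HDRS                 # normal PMTU discovery
        elif blackhole_detection and attempt >= blackhole_after:
            mss = min(mss, FALLBACK_MSS)          # repeated loss of big segments
    return False, mss + HDRS, max_retx

if __name__ == "__main__":
    scenarios = {
        "PMTU-D working":           dict(icmp_reaches_sender=True),
        "ICMP lost (black hole)":   dict(icmp_reaches_sender=False),
        "ICMP lost, MSS lowered":   dict(icmp_reaches_sender=False,
                                         receiver_mss_clamp=1360),
        "ICMP lost, detection on":  dict(icmp_reaches_sender=False,
                                         blackhole_detection=True),
    }
    for name, kw in scenarios.items():
        print(name, send_large_segment(1500, 1500, 1400, **kw))
```
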