Subject: Re: PMTUD blackhole detection
To: None <tech-net@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 05/07/2001 09:48:21
>>>>> "itojun" == itojun <itojun@iijlab.net> writes:

itojun> we may be able to go through tcb table and mark all the tcp
itojun> connections between the same address pair as "PMTUD broken".

Okay.

itojun> however, i don't really like this since PMTUD breakage detection
itojun> is way too unreliable. if we have a reliable way to detect PMTUD
itojun> breakage, "mark all connection" approach looks fine for me.

If it has false positives (there is a blackhole), then we waste bandwidth.
If it has false negatives, then we have dead connections.

I know which one that I prefer :-)

If the rate of false positives is very high, then some may argue that this
is equivalent to turning off PMTU, but I'd rather have it on.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [