Subject: Re: Patch for limiting TCP MSS (i.e. for new PPPoE)
To: None <tech-net@netbsd.org>
From: Hal Snyder <hal@vailsys.com>
List: tech-net
Date: 12/07/2001 18:12:20

Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us> writes:

> here's another picture:
> 
>____         ----           ____                ______        ______
>|CL|----E----|NB|----POE----|RB|----Internet----| FW |--------| WS |
>----         ----           ----                ------        ------
> 
> FW = "Firewall"; "WS" = "Web server".
> 
> "WS" sends out 1500-byte packets with DF set.
> 
> 1500 byte packet gets to "RB"; "RB" sends ICMP "fragmentation needed"
> back to WS.
> 
> "FW", configurated in violation of RFC2979, blocks all ICMP packets,
> including ICMP "fragmentation needed" messages, so WS never knows to
> shrink its MTU to CL.

What Bill says. Here's another picture. "R" is a generic IPv4 router
(e.g. Zebra/NetBSD) connecting one enterprise site to another over a
private link. The "NB" routers are BGP peers to each other and to
external ISPs.

Same problem. No PPPoE, just GIF wrapper for iBGP.
              
____         ____  ___     ___  ____               ____      ____
|CL|----E----|NB|--|R|-WAN-|R|--|NB|---Internet----|FW|------|WS|
----         ----  ---     ---  ----               ----      ----
               \...  iBGP/gif .../
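
The failure both pictures describe, modelled as an added example that is not part of the original message or of the patch under discussion. It assumes a gif (IPv4-in-IPv4) tunnel over a 1500-byte link, giving a 1480-byte tunnel MTU; the hop list, the function names and the retry count are constructed for illustration.

```python
"""Constructed model: PMTUD black hole behind an ICMP-dropping firewall vs. MSS clamping."""

IP_TCP_HEADERS = 40  # IPv4 (20) + TCP (20), no options

# Egress MTU of each forwarding node, server side first (constructed values).
# 1480 assumes a 20-byte outer IPv4 header on the gif tunnel.
PATH_WS_TO_CL = [("FW", 1500), ("NB-far (gif)", 1480), ("NB-near", 1500)]


def send_with_df(size, path, fw_drops_icmp):
    """Send one DF packet from WS. Returns (delivered, mtu_reported_to_WS)."""
    for i, (_hop, mtu) in enumerate(path):
        if size > mtu:
            # This hop drops the packet and sends ICMP "fragmentation needed"
            # back toward WS; the reply must cross every earlier hop, FW included.
            crosses_fw = any(name == "FW" for name, _ in path[:i])
            blocked = fw_drops_icmp and crosses_fw
            return False, (None if blocked else mtu)
    return True, None


def transfer(peer_mss, path, fw_drops_icmp, max_tries=4):
    """WS sends a full-sized segment, retransmitting on loss."""
    size = peer_mss + IP_TCP_HEADERS
    for _ in range(max_tries):
        delivered, reported_mtu = send_with_df(size, path, fw_drops_icmp)
        if delivered:
            return "delivered", size
        if reported_mtu is not None:
            size = reported_mtu  # normal path MTU discovery: shrink and retry
        # otherwise no ICMP arrived, so WS retransmits the same size
    return "black hole", size


def clamp_mss(syn_mss, link_mtu):
    """MSS value a limiting router writes into a SYN it forwards."""
    return min(syn_mss, link_mtu - IP_TCP_HEADERS)


if __name__ == "__main__":
    print("ICMP allowed:   ", transfer(1460, PATH_WS_TO_CL, fw_drops_icmp=False))
    print("FW drops ICMP:  ", transfer(1460, PATH_WS_TO_CL, fw_drops_icmp=True))
    clamped = clamp_mss(1460, 1480)  # client's SYN rewritten at the near NB
    print("clamped to", clamped, transfer(clamped, PATH_WS_TO_CL, fw_drops_icmp=True))
```

With the MSS clamped, WS never builds a packet larger than the tunnel MTU, so the transfer succeeds even though the firewall still discards the ICMP message.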