On Wed, Dec 24, 2025 at 8:59 PM Marco Moock via NANOG <nanog@lists.nanog.org> wrote:
Am 25.12.2025 um 01:08:05 Uhr schrieb Andrew via NANOG:
- Using any form of NAT / packet translation with IPv6 (not including nat64 / other v4 transition related)
Don't do that, there is enough address space for the customers.
Hi Marco, It depends on the price. When you're trying to minimize the price of your service, IPv4 addresses have become one of the expenses you can tweak.
- TCP MSS - MSS Clamping all connections
- TCP MSS - MSS Clamping, but you instead (accidentally?) set MSS to your desired value even if it was lower before
This is crap. ICMP exists for this and also works for UDP.
With due respect, it's no secret that PMTUD on the Internet is broken. There are just too many ways for that ICMP packet from the middle box to get lost and not all of them are a result of ignorant configuration. PMTUD is one of the very few places that IPv4's designers broke with the end-to-end principle and it shows. If you know you're transiting a link with an MTU below 1500, reliable use means clamping the MSS. Sorry, but that's how it is these days.
- Related to above - Network accepts TCP connection which it will intercept (sends SYN/ACK to user) before it confirms that the destination is reachable
Are you a crappy ISP that really needs to do this?
Geostationary satellite. You HAVE to do things to speed up TCP or the customer feels the pain. And before you say Startlink is the answer... it turns out they drop a burst of packets every 15 seconds when they adjust the antenna. Every. 15. Seconds.
- Dropping/resetting port 80 sessions that don't ‘look like’ HTTP
- Dropping/resetting port 443 sessions that don't ‘look like’ TLS
Can you please stop interfering connections? You are an ISP and people pay your for transferring the data they requested.
This is usually done by enterprises rather than ISPs. Except when the DDOS mitigation service is active. Then they're quite pointedly filtering out non-standard traffic. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/