Am 26.12.2025 um 06:08:34 Uhr schrieb William Herrin:
That's not really on the list of Internet problems with PMTUD. Not a lot of packets without the DF bit set any more.
No, the problem is there's lots of reasons for that ICMP packet to get dropped.
* No valid route from the complaining router to the packet origin.
IP is end-to-end. You're only supposed to have to guarantee routes between the endpoints, not between the midpoints and endpoints.
I do not understand that. If the router has a public routable address and either a default route to a router with full table, the packet should arrive. Otherwise a general routing problem exist. I am aware of such situations, but PMTU issues are just one of the many issues that are caused by this.
* Complaining router's interface is numbered with RFC1918.
Then the NAT mechanism is failing, as there must not be non-global addresses traveling AS borders. The NAT ACL must include all used addresses that are non-global.
And I haven't even touched the stupid firewall admins who erroneously block all ICMP "because it's ping." There are a lot of them.
I know, but they create there own problems and there is no need that ISPs circumvent their self-made problems.
No, if you don't want the headache of having to deal with every goofy little situation where PMTUD doesn't work and you _know_ you have a link with an MTU under 1500 (common with ISPs using PPPOE to the customer premise equipment) then you clamp the TCP MSS. You don't like it. But you do it anyway because tech support hours are expensive and that results in fewer of them.
I've never seen that yet at the ISPs I use. -- Gruß Marco Send unsolicited bulk mail to 1766725714muell@cartoonies.org