10 May
2003
10 May
'03
11:17 p.m.
This is a new problem to me, but I'm sure people have run into it before. Are the servers really that broken (PMTU enabled, ICMP Can't Fragement filtered)? Does the head end box of DSL services generally do something to work around this (ie, clear the DF bit)? Am I just being an idiot and missing something obvious?
This is fairly common, since PMTU-D is generally enabled by deafult, and for better or worse, many folks filter all ICMP, despite the bad effects that can lead to. I've had arguments with customers about their having a broken config, but their unwillingness to believe it because "they haven't changed anything". The only real workaround is to have a minimum MTU of 1500 across your network including all encapsulation.