On Tue, May 16, 2023 at 1:38 PM Christopher Morrow <morrowc.lists@gmail.com> wrote:
> On Tue, May 16, 2023 at 2:35 PM William Herrin <bill@herrin.us> wrote:
>> Ping is used by some versions of traceroute which can help the
>
> I think you mean 'icmp' here. yes. I contend that traceroute (udp or icmp or tcp) TOWARDS a destination can be sometimes useful, sure.

I mean ICMP echo-request, colloquially "ping." Traceroute using ICMP needs the echo-reply from the destination to know that the trace reached the destination, just like it needs port unreachable for UDP and RST/SYNACK for TCP.

>> When working, it also lets the diagnostician know that the site's firewall administrator didn't ignorantly decide to block all ICMP. Which so very many ignorant firewall administrators do.
>
> sure, but... 'ignorantly' seems to imply that their ideas of their best practice(s) are different from yours. They may have a valid reason to block icmp, even all icmp.

Since that breaks PMTUD on a public-facing service, I'm entirely satisfied with my description of it being ignorant. There is, quite simply, no valid reason to broadly block ICMP type 3 (destination unreachable) messages to and from any public facing service. Not ever.

Regards,
Bill Herrin

-- 
William Herrin
bill@herrin.us
https://bill.herrin.us/
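
Added example, not part of the thread or any poster's code: a small audit that walks an iptables-save style ruleset first-match and reports whether the ICMP type 3 messages discussed above (fragmentation-needed for PMTUD, port-unreachable for UDP traceroute) would be accepted or dropped. Both rulesets are constructed samples, the function names are hypothetical, and only `-p`, `--icmp-type` and `-j` are modelled (stateful conntrack matches are not).

```python
import shlex

# iptables match names for the ICMP messages named in the thread; code None = any.
ICMP_NAMES = {"echo-reply": (0, None), "destination-unreachable": (3, None),
              "port-unreachable": (3, 3), "fragmentation-needed": (3, 4),
              "echo-request": (8, None)}
MODELLED = {"-p", "--icmp-type", "-j"}
# Constructed sample: every ICMP message is dropped on input.
BLANKET_BLOCK = """\
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -j DROP
"""
# Constructed sample: type 3 is accepted before the catch-all ICMP drop.
TYPE3_ALLOWED = BLANKET_BLOCK.replace(
    "-A INPUT -p icmp -j DROP",
    "-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT\n"
    "-A INPUT -p icmp -j DROP")

def parse_icmp_type(spec):
    """Accept a name or numeric 'type[/code]' and return (type, code)."""
    if spec in ICMP_NAMES:
        return ICMP_NAMES[spec]
    t, _, c = spec.partition("/")
    return int(t), (int(c) if c else None)

def verdict(ruleset, chain, icmp_type, icmp_code):
    """First-match verdict for one ICMP packet; falls back to the chain policy."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == ":" + chain:
            policy = tok[1]
        if len(tok) < 4 or tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if opts.get("-p", "all") not in ("icmp", "all") or set(opts) - MODELLED:
            continue  # other protocol, or a match this sketch does not model
        if "--icmp-type" in opts:
            t, c = parse_icmp_type(opts["--icmp-type"])
            if t != icmp_type or (c is not None and c != icmp_code):
                continue
        if "-j" in opts:
            return opts["-j"]
    return policy

def audit(ruleset):
    """Verdicts for the type 3 messages PMTUD and UDP traceroute depend on."""
    probes = {"fragmentation-needed": (3, 4), "port-unreachable": (3, 3)}
    return {(chain, name): verdict(ruleset, chain, t, c)
            for chain in ("INPUT", "OUTPUT") for name, (t, c) in probes.items()}
```

Calling `audit(BLANKET_BLOCK)` flags the input-side drop of fragmentation-needed, while `audit(TYPE3_ALLOWED)` shows the same catch-all drop no longer reaches type 3.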