
On Fri, Jan 19, 2018 at 8:48 AM, Mike Hammett <nanog@ics-il.net> wrote:
Other than people improperly blocking ICMP, when does PMTUD not work? Honest question, not troll.
Hi Mike,

One common scenario: the router's interface is numbered with an RFC 1918 private IP address. The packet is dropped because it tries to enter an adjacent system with a source address that isn't valid for the transit.

Another common scenario: the packet is encapsulated in MPLS when it reaches the segment which can't handle the large packet. That particular router is not set up to decapsulate the MPLS packet and act on the IPv4 packet inside.

A third scenario: asymmetric routing. A particular router is capable of moving packets to your destination but either intentionally or due to a configuration error is unable to route packets back to the source.

A fourth scenario: for security reasons (part of defense in depth), a host is only permitted to communicate with whitelisted IP addresses. Random Internet routers are not on the whitelist.

PMTUD's routine failure demonstrates the wisdom of the end to end principle. It's the one critical place in base IPv4 that doesn't follow it.

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
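
An added example, not part of the message above: a small Python check for the first and fourth scenarios, which are the two that can be read off a captured ICMP "fragmentation needed" packet (type 3, code 4). The function names, the allowlist parameter and the sample addresses are hypothetical, and the input is assumed to be a raw IPv4 packet starting at the IP header.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_frag_needed(packet: bytes):
    """Return (router_ip, next_hop_mtu) for an IPv4 ICMP type 3 code 4, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:   # protocol 1 = ICMP
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack_from("!BBHHH", packet, ihl)
    if (icmp_type, code) != (3, 4):
        return None
    return ipaddress.ip_address(packet[12:16]), mtu

def delivery_verdict(packet: bytes, allowlist=None) -> str:
    """Classify whether the sending host would ever get to act on this signal."""
    parsed = parse_frag_needed(packet)
    if parsed is None:
        return "not a fragmentation-needed message"
    router, mtu = parsed
    if any(router in net for net in RFC1918):
        # Scenario 1: private source address, dropped where such sources are filtered.
        return "likely filtered: RFC 1918 source"
    if allowlist is not None and not any(
            router in ipaddress.ip_network(n) for n in allowlist):
        # Scenario 4: the host only accepts traffic from listed peers.
        return "filtered: source not on allowlist"
    if mtu == 0:
        # Routers predating RFC 1191 leave the next-hop MTU field at zero.
        return "usable: no next-hop MTU given"
    return f"usable: next-hop MTU {mtu}"

def build_sample(src: str, mtu: int) -> bytes:
    """Constructed packet: IPv4 + ICMP header, checksums left at 0, zeroed payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 56, 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address("198.51.100.10").packed)
    return ip + struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + bytes(28)

if __name__ == "__main__":
    for src in ("10.1.2.3", "203.0.113.1"):
        print(src, "->", delivery_verdict(build_sample(src, 1400), ["198.51.100.0/24"]))
```

The MPLS and asymmetric-routing scenarios leave nothing to inspect at the sender, since the ICMP message is never generated or never arrives.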