On Fri, 16 Oct 1998, tvo wrote:
Doesn't this break MTU path discovery though?
Yes. It breaks anything where ICMP messages have to get back to the origin system because it is perfectly legitimate (or necessary if they are used internally) for systems to filter ICMP from private address space. Note that if there is no MTU change at that point, there is no problem because there will never (well, almost never and the almost is dependent on having funky/broken routers) be any reason to be unable to fragment at that hop.

As always, http://www.worldgate.com/~marcs/mtu/ for details on PMTU-D and why you break it and why you don't want to break it. This is _NOT_ just one of those odd theoretical problems but I have seen it in the real world (ATM <--> fast enet). I suspect that most people who have this problem don't know about it and could take a lot of convincing to understand it.

It would appear, at first glance, that an option to configure your router to use a routed address (since most such routers have at least one routed address) for generating such ICMP would avoid the problem, at the expense of lying and the possible (human) confusion that could entail.
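The failure described in this message, modelled as an added example (not part of the original post): a sender doing PMTU-D with DF set, a path of routers that each source their ICMP from one address, and a filter that drops ICMP from RFC 1918 space. The function names, the addresses and the 4470/1500 MTU values are constructed assumptions.

```python
import ipaddress

# RFC 1918 private ranges, which a site may legitimately filter at its border.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def discover_pmtu(path, first_mtu, filter_private=True, max_tries=8):
    """Model a sender doing PMTU-D with DF set (hypothetical helper).

    path: list of (icmp_source_address, next_link_mtu), one per router.
    Returns (pmtu, None) on success, or (None, hop_address) when the
    'fragmentation needed' ICMP from that hop is filtered (black hole).
    """
    size = first_mtu
    for _ in range(max_tries):
        for src, next_mtu in path:
            if size > next_mtu:
                # Router cannot forward the DF packet: it sends ICMP type 3
                # code 4 carrying next_mtu, sourced from `src`.
                if filter_private and is_rfc1918(src):
                    return None, src   # ICMP dropped; sender never learns
                size = next_mtu        # sender lowers its estimate, resends
                break
        else:
            return size, None          # packet crossed every hop
    return None, None

# Constructed sample paths (documentation and RFC 1918 addresses).
PRIVATE_AT_MTU_CHANGE = [("198.51.100.1", 4470), ("10.1.1.1", 1500),
                         ("203.0.113.1", 1500)]
ROUTED_AT_MTU_CHANGE = [("198.51.100.1", 4470), ("198.51.100.2", 1500),
                        ("203.0.113.1", 1500)]
PRIVATE_NO_MTU_CHANGE = [("10.1.1.1", 1500), ("203.0.113.1", 1500)]

if __name__ == "__main__":
    for name, path, mtu in (("private addr at MTU change", PRIVATE_AT_MTU_CHANGE, 4470),
                            ("routed addr at MTU change", ROUTED_AT_MTU_CHANGE, 4470),
                            ("private addr, no MTU change", PRIVATE_NO_MTU_CHANGE, 1500)):
        print(name, "->", discover_pmtu(path, mtu))
```

The same function run with `filter_private=False` shows that the private-addressed hop only becomes a black hole once the filter is in place.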