I have found 4 ways to get around the problem:

1) A somewhat effective fix is to have your users use a cache/proxy server.
2) Have your users lock their MTU to 1492, not 1500.
3) Some CPE routers will force 1492 MTU sessions.
4) Try to explain that ICMP is not just pings: rate limit it, don't drop it.

Cisco's writeup on the problem: http://www.cisco.com/warp/public/794/router_mtu.html

At 7:53 +0100 7/18/01, Simon Lockhart wrote:
I have confirmed that when I block all ICMP to/from a website, we cannot browse that site -- which is somewhat obvious. The question is, how, as an internet community as a whole, do we fix this?
Seems to me that most people using PPPOE would have a problem here. Or, am I alone?
My testing has been limited to Win2k, but I've heard similar reports on WinME, 98, etc.
We've come across this too, and spent quite a while diagnosing. The problem exists wherever there's an MTU reduction, and is caused by a combination of ICMP filtering (breaks PMTUD), and Microsoft's attempt at PMTUD (they just set the DF bit on all packets and expect to get an ICMP reply back if the packet is too large).
Simon
--
Simon Lockhart | Tel: +44 (0)1737 839676
Internet Engineering Manager | Fax: +44 (0)1737 839516
BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk
Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
-- Scott A Silzer
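
Added example, not part of the original message: a small offline simulation of the failure described above, in which a sender sets DF on every packet and depends on the ICMP "fragmentation needed" error (type 3, code 4, next-hop MTU field per RFC 1191) to shrink its packets. All function names and the sample embedded header are constructed for illustration.

```python
import struct

PPPOE_MTU = 1492   # 1500-byte Ethernet MTU minus 8 bytes of PPPoE/PPP header

def frag_needed(next_hop_mtu, original_header):
    """Build an ICMP type 3 code 4 message (RFC 1191 layout, checksum left 0)."""
    return struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + original_header

def parse_frag_needed(icmp):
    """Return the next-hop MTU from a type 3 code 4 message, else None."""
    if len(icmp) < 8:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    return mtu if (icmp_type, code) == (3, 4) else None

def send_df(size, link_mtu, icmp_filtered):
    """One DF-set packet crossing the narrow link. Returns (delivered, icmp_reply)."""
    if size <= link_mtu:
        return True, None
    # The router must drop a too-large DF packet; the ICMP error is the only
    # signal the sender gets. The 28-byte embedded header is constructed filler.
    reply = None if icmp_filtered else frag_needed(link_mtu, b"\x45" + bytes(27))
    return False, reply

def pmtud(host_mtu, link_mtu, icmp_filtered, max_tries=5):
    """Sender that sets DF on everything and waits for ICMP to tell it to shrink.
    Returns (delivered, final_packet_size, attempts)."""
    size = host_mtu
    for attempt in range(1, max_tries + 1):
        delivered, reply = send_df(size, link_mtu, icmp_filtered)
        if delivered:
            return True, size, attempt
        mtu = parse_frag_needed(reply) if reply else None
        if mtu:
            size = mtu   # PMTUD working: adopt the advertised next-hop MTU
        # otherwise there is no signal: same size is retransmitted (black hole)
    return False, size, max_tries

if __name__ == "__main__":
    print("ICMP allowed :", pmtud(1500, PPPOE_MTU, icmp_filtered=False))
    print("ICMP dropped :", pmtud(1500, PPPOE_MTU, icmp_filtered=True))
    print("MTU locked   :", pmtud(PPPOE_MTU, PPPOE_MTU, icmp_filtered=True))
```

The three cases correspond to PMTUD working, the blocked-ICMP stall, and the locked-1492 workaround from the list above.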