[c-nsp] Hiding a Cisco Router from a Traceroute

Robert Kiessling robert+c-nsp at josebus.org
Mon Oct 24 11:24:29 EDT 2005


Kristofer Sigurdsson wrote:
> If you use addresses for your router interfaces that cannot be reached
> from the general user [...] you will break MTU path discovery,

That's an argument frequently heard, but nonetheless invalid.
All pMTUd needs is that the ICMP response from the router goes
back to the user. The other direction, whether the user can
reach the router, is irrelevant for that purpose.

> thereby making your users
> unable to reach a significant part of the Internet, and possibly a large
> number of users will be unable to reach your services (eg. www).

That's only true on a link with an MTU smaller than the packets
that should be sent over it.

In practice that means links with 1500 MTU never cause "fragmentation
needed" since packets will always traverse a network segment with an
MTU of 1500 or smaller before entering your backbone.

It typically causes issues (only) on DSL links, but I don't think
that's what the previous poster was asking about. And what I suggest
does not break pMTUd in any case.

Robert
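
An added illustration, not part of the message above or of the list archive: a small Python model of sender-side path MTU discovery, showing that only the return of the router's ICMP "fragmentation needed" matters, not whether the user can reach the router's address. The hop addresses, the 1492-byte link and all names in the code are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    router_addr: str      # address the router sources ICMP from (constructed)
    egress_mtu: int       # MTU of the link this router forwards onto
    user_can_reach: bool  # can the user send packets TO router_addr?
    icmp_gets_back: bool  # does the router's ICMP error reach the user?

def send_df_packet(path, size):
    """Forward one DF packet; return the first hop that cannot forward it, or None."""
    for hop in path:
        if size > hop.egress_mtu:
            return hop
    return None

def discover_pmtu(path, first_hop_mtu=1500, max_probes=10):
    """Sender-side PMTUD (RFC 1191 style). Returns the path MTU, or None if black-holed."""
    estimate = first_hop_mtu
    for _ in range(max_probes):
        hop = send_df_packet(path, estimate)
        if hop is None:
            return estimate            # packet fit on every link
        if not hop.icmp_gets_back:
            return None                # no "fragmentation needed" seen: black hole
        estimate = hop.egress_mtu      # ICMP type 3 code 4 reports the next-hop MTU
    return None

# Constructed sample paths. user_can_reach is never read by discover_pmtu().
HIDDEN_WITH_ICMP = [
    Hop("10.0.0.1", 1500, user_can_reach=False, icmp_gets_back=True),
    Hop("10.0.0.2", 1492, user_can_reach=False, icmp_gets_back=True),
]
HIDDEN_ICMP_LOST = [
    Hop("10.0.0.1", 1500, user_can_reach=False, icmp_gets_back=True),
    Hop("10.0.0.2", 1492, user_can_reach=False, icmp_gets_back=False),
]
ALL_1500_ICMP_LOST = [
    Hop("10.0.0.1", 1500, user_can_reach=False, icmp_gets_back=False),
    Hop("10.0.0.2", 1500, user_can_reach=False, icmp_gets_back=False),
]

if __name__ == "__main__":
    for name, path in [("hidden, ICMP returns", HIDDEN_WITH_ICMP),
                       ("hidden, ICMP lost", HIDDEN_ICMP_LOST),
                       ("all links 1500, ICMP lost", ALL_1500_ICMP_LOST)]:
        print(f"{name}: {discover_pmtu(path)}")
```

The third path corresponds to the 1500-MTU backbone case in the message: no hop ever has to signal "fragmentation needed", so losing ICMP there changes nothing for the sender.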


