[c-nsp] Cisco Processing Regarding ICMP
Gert Doering
gert at greenie.muc.de
Sun May 11 14:02:18 EDT 2008
Hi,
On Sun, May 11, 2008 at 08:45:12PM +0400, Alexandre Snarskii wrote:
> On Sun, May 11, 2008 at 05:58:01PM +0200, Gert Doering wrote:
> > On Sat, May 10, 2008 at 03:39:23PM -0500, alaerte.vidali at nsn.com wrote:
> > > Because internal network design requirements, it is necessary decrease
> > > internal MTU to slight lower than 1500 bytes,
>
> It's not so *really* unusual. Some parts of access layer in our
> network is PPPoE over some 'really cheap' switches, which have no
> option to support MTU of 1504 (1500 + PPPoE overhead).
Well, sure. As soon as end-user access comes into play and you have
PPPoE, you usually end up with 1492 byte IP MTU.
Which is annoying, but can normally be handled fairly well by the
aggregation layer.
The specific thread mentioned a 7600 being at the boundary between
"1500 MTU" and "less-than 1500", which is very untypical for PPPoE
environments, as the 7600 can't (reasonably) do PPPoE.
> > Expect fun with all the sites out there that have Issues with PMTUD. Lots.
>
> 'ip tcp adjust-mss' helps. Really helps. I never heard about MTU issue
> for years we running PPPoE...
I've run into lots of unnecessary trouble with smaller-than-1500 MTU - and
"ip tcp adjust-mss" won't fix your customer's IPSEC VPNs, for example.
*Usually* it's just a misconfiguration somewhere (filtering fragments,
filtering ICMP [because it's evil!], ...) but having a reasonable MTU
would be *so* much easier in the long run...
Actually I'm pretty amazed that folks seem to accept that "it must be
this way" - all DSL gear that's build today is build in the knowledge
that PPPoE exists, and ethernet chips that can handle 1508 just fine
*do* exist. So having 1500 byte IP MTU even with PPPoE would be
possible if people just *wanted* it...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080511/1d7bbbbe/attachment-0001.bin
More information about the cisco-nsp
mailing list