[c-nsp] Can Ping Websites but cannot browse.
Alexander Clouter
alex at digriz.org.uk
Tue Nov 3 03:39:54 EST 2009
Hi,
* Dale Shaw <dale.shaw+cisco-nsp at gmail.com> [2009-11-03 11:18:01+1100]:
>
> On Tue, Nov 3, 2009 at 1:26 AM, Alexander Clouter <alex at digriz.org.uk> wrote:
> > It is a pretty impressive [read: hard/unusual -- Ed.] to screw up non-SSLed traffic with an MTU
> > issue,
>
> In "Opposite Land"? or in a land where IPSec and PPPoX don't exist? :-)
>
Well at $ORK[-1] I was an ISP packet pusher and there all those 'factory
default'ing 1492 MTU routers that blocked all ICMP traffic used to drive
us mad. There regular HTTP traffic was always fine[1] as the request
always fitted with no problem within a single MTU...it was only when you
slapped on some SSL action (or tried to SMTP something about) that the
MTU issue would appear.

So 'opposite' land being CPE rather than core networking land...hence my
"you have to be a special person to have done this". Even the greatest
ICMP offenders of the Internet (financial institutions) just gave up
dealing with this crap and cranked all their servers to shunt their MTU
to 1000ish and tinker with the MSS on the inbound TCP SYN packet.

So...this is why I focused on the "cannot browse websites", I personally
am just stunned at the helpfulness[2] of the group to such a vague
question. If any of the helldeskers here said that (which they often
do, *sigh*) I have to re-remind them with the public flaying... :-/

Cheers

[1] back in the day when you did not have honkingly large cookies, wtf?
[2] come on guys, I felt you were all much more on the ball the way you
handled http://marc.info/?l=cisco-nsp&m=125441497832189&w=2 :)
--
Alexander Clouter
.sigmonster says: A vivid and creative mind characterizes you.
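
An added example, not part of the original message: a simplified model of the failure described above, where a 1492 MTU hop drops oversized DF packets and the ICMP "fragmentation needed" reply is blocked, alongside the MSS clamp that avoids it. The 40-byte header size, function names and payload sizes are assumptions constructed for illustration.

```python
IP_TCP_HEADERS = 40  # assumption: IPv4 (20) + TCP (20), no options


def clamp_mss(advertised_mss, path_mtu):
    """MSS a clamping device would write into the TCP SYN."""
    return min(advertised_mss, path_mtu - IP_TCP_HEADERS)


def send(payload_len, mss, path_mtu, icmp_delivered):
    """Push payload_len bytes through one narrow hop with DF set.

    Returns (bytes_delivered, status), status being 'ok' or 'stalled'.
    """
    delivered = 0
    while delivered < payload_len:
        segment = min(mss, payload_len - delivered)
        if segment + IP_TCP_HEADERS > path_mtu:
            if not icmp_delivered:
                # Black hole: the packet is dropped, the sender never
                # learns why and keeps retransmitting the same size.
                return delivered, "stalled"
            # Working path MTU discovery: shrink and retry.
            mss = path_mtu - IP_TCP_HEADERS
            continue
        delivered += segment
    return delivered, "ok"


def run_scenarios(path_mtu=1492, mss=1460):
    """Constructed payload sizes; ICMP is blocked in every case."""
    payloads = {
        "small HTTP request": 400,
        "request with large cookies": 3000,
        "SMTP message body": 20000,
    }
    clamped = clamp_mss(mss, path_mtu)
    results = {}
    for name, size in payloads.items():
        results[name] = {
            "unclamped": send(size, mss, path_mtu, icmp_delivered=False),
            "clamped": send(size, clamped, path_mtu, icmp_delivered=False),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

Anything that fits in one packet gets through regardless, which is why the symptom shows up only on larger transfers; with the MSS clamped to 1452 every segment fits even though ICMP is still blocked.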