Now correct me if I'm wrong. But hasn't xtra/telecom always filtered out ICMP? Dean On Wed, Aug 22, 2001 at 12:16:53PM +1200, Don Stokes wrote:
"Gordon Smith"
wrote: Site is up. All ICMP is blocked at the border router, instead of just filtering out undesirable ICMP traffic...
If you're really filtering *all* ICMP traffic, you've broken it. Path MTU discovery relies on ICMP fragmentation-required messages getting through, and *lots* of TCP implementations rely on MTU path discovery. It works fine as long as the MTUs are all the same, but when they aren't, or if encapsulation such as ESP or GRE are in use, it doesn't.
ICMP is there for a reason. If you don't know what you're doing, don't touch it.
-- don --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog