Before anyone goes accusing people of "Breaking the Net" we should probably ask someone at Xtra what their policy actually is. Is there anyone on the list from Xtra who wants to comment on which ICMP they actually block (if any) Dean On Wed, Aug 22, 2001 at 01:46:37PM +1200, Craig Whitmore wrote:
I have no idea.. but if someone is filtering out All ICMP on Public Routable Addresses then they are "Breaking the NET" for a large number of users.. A little anoying yes. Also still a large number of routers still break ECN :-(
Thanks Craig Whitmore Orcon Internet http://www.orcon.net.nz
----- Original Message ----- From: "Dean Pemberton"
To: "Don Stokes" Cc: Sent: Wednesday, August 22, 2001 1:02 PM Subject: Re: XTRA network having problems? Now correct me if I'm wrong. But hasn't xtra/telecom always filtered out
ICMP?
Dean
On Wed, Aug 22, 2001 at 12:16:53PM +1200, Don Stokes wrote:
"Gordon Smith"
wrote: Site is up. All ICMP is blocked at the border router, instead of just filtering out undesirable ICMP traffic...
If you're really filtering *all* ICMP traffic, you've broken it. Path MTU discovery relies on ICMP fragmentation-required messages getting through, and *lots* of TCP implementations rely on MTU path discovery. It works fine as long as the MTUs are all the same, but when they aren't, or if encapsulation such as ESP or GRE are in use, it doesn't.
ICMP is there for a reason. If you don't know what you're doing, don't touch it.
-- don --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog