RE: Banking/Hospital Problems and MTU
Probably the reason its not on by default, is because it is not a "fix", its just a workaround, to work around braindead firewalls that block all ICMP.
Agreed, it's a hack...but it's not only firewalls that drop ICMP...I came across this a few years ago with a WAN router that was misbehaving between Token Ring and Ethernet segments.
As such there would probably be considerable sacrifice in performance when it has to operate - first of all there will have to be a few lost retransmitions of large MTU packets before it realises something is wrong, and then (from Juha's post) it just drops the MTU to 536 for further communication, which is definately sub optimal, depending on what the real maximum MTU of the path is...
Yes, although it will only kick in on these sites that have this problem. It's dynamic on a per connection basis. Overall performance on the majority of connections won't be affected, as the 'ol TCP stack will behave as intended.
If it was on by default, it would hide the real problem, and nothing would ever get done about it.
Fixing is always better than working around, but given that ICMP access policy at the far end of the pipe is not something that Joe User usually has a lot of control over, then something that will work is probably better than something that doesn't. (From a user perspective) Unless it has some other negative impact.... Rob -- The information contained in this e-mail message is intended only for the use of the person or entity to whom it is addressed and may contain information that is CONFIDENTIAL and may be exempt from disclosure under applicable laws. If you read this message and are not the addressee you are notified that use, dissemination, distribution, or reproduction of this message is prohibited. If you have received this message in error, please notify us immediately and delete the original message. You should scan this message and any attached files for viruses. Axon Computertime accepts no liability for any loss caused either directly or indirectly by a virus arising from the use of this message or any attached file. - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (1)
-
rob.edkins@axon.co.nz