| 1 |
> Communications between IPv4 end points use PMTUD by setting a Don't Fragment |
| 2 |
> (DF) bit in the headers of the outgoing packet. If a router/server along the |
| 3 |
> path has a smaller MTU, it will drop that packet and respond with an ICMP |
| 4 |
> 'Destination Unreachable -- Fragmentation Needed' packet including its smaller |
| 5 |
> MTU value. Upon receiving this smaller packet value the initiating host will |
| 6 |
> dynamically reduce the size of the outgoing packets, until the packet arrives |
| 7 |
> at its intended destination. PMTUD should always be switched on in any well |
| 8 |
> behaving network implementation, but here's the rub: some network nodes, |
| 9 |
> firewalls, servers are configured to never respond with *any* ICMP packets |
| 10 |
> (because they think that this is a way to avoid DDoS problems and the like). |
| 11 |
> Therefore, the initiating host keeps sending large packets never knowing that |
| 12 |
> they are dropped on the way. This network problem is known as a PMTUD black |
| 13 |
> hole and is explained better here: |
| 14 |
|
| 15 |
Could ICMP packets not getting through be to blame for my proxy server |
| 16 |
problem? My laptop can't seem to ping anyone (blocked at the firewall |
| 17 |
in this hotel I suppose) and certainly the proxy server can't ping my |
| 18 |
laptop. |
| 19 |
|
| 20 |
- Grant |
Archives