I'd add one sentence about Fred's observation too:
In addition, spoofed ICMP messages can also affect the correct operation
of PMTUD.
That'd do it...
Joe
On 2/7/2017 12:32 PM, otroan(_at_)employees(_dot_)org wrote:
Joe,
Thanks!
I appreciate that you want to not point at PLPMTUD because it's not
widely supported, but **for the same reason** this doc should not hold
up this solution without pointing out very clearly that it basically
isn't going to work.
Would something like this help?
(borrowed from https://en.wikipedia.org/wiki/Path_MTU_Discovery)
"Many network security devices block all ICMP messages for perceived
security benefits, including the errors that are necessary for the proper
operation of PMTUD. This can result in connections that complete the
TCP three-way handshake correctly, but then hang when data is transferred.
This state is referred to as a black hole connection."
Best regards,
Ole