North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: 92 Byte ICMP Blocking Problem
Once upon a time, Steven M. Bellovin <email@example.com> said: > In message <20030912175258.GB616832@hiwaay.net>, Chris Adams writes: > >Yes. As soon as we put the policy route map in place, we had some > >people unable to talk via SSH, SMTP, or POP3. It was random: one person > >here in the office couldn't SSH to a particular server. He could SSH to > >other servers, and the rest of us could SSH to the server he could not. > >We had similar experiences with SMTP and POP3. When we took the policy > >route map back out, the problems went away. > > > >This is with IOS 12.0(25)S1 on a 7513 doing dCEF. We put the policy > >route map on the FE interface linking this router to the POP core > >router; this router has MC-T3 interfaces and ethernets to Ascend TNTs > >and such. The intent was to stop the 92 byte ICMP echos from reaching > >the Ascend TNTs, since several of them were rebooting constantly. > > I wonder if it's a Path MTU problem. Can you turn off Path MTU on some > of the affected hosts and see if it solves the problem? I don't have it in place anymore (because it caused more problems than it fixed), so I can't test this. In any case, the route map only matched 92 byte ICMP echo and ICMP echo-reply packets, which is not what PMTU uses, so it shouldn't have had a problem. Also, I know that the MTU along the path for the person in the office is the same all the way, so PMTU shouldn't come into play there. -- Chris Adams <firstname.lastname@example.org> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.