Date: Sat, 13 Dec 1997 15:37:55 +0100 (MET) From: j@uriah.heep.sax.de (J Wunsch) To: freebsd-hackers@freebsd.org Subject: Re: I seriously need some networking help Message-ID: <199712131437.PAA22262@uriah.heep.sax.de> References: <199712110048.BAA09610@uriah.heep.sax.de> <Pine.BSF.3.95.971210190020.1361E-100000@alive.znep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Marc Slemko <marcs@znep.com> wrote: >> Sure, but that's only a cosmetical problem. I've seen 10.* >> intermediate network addressess even on major Internet relays when >> tracerouting. > So tell me what happens when the box that interface is on needs to send an > ICMP message like can't fragment? > > What IP does it use? If it uses the private one, you lose. This does > break things like PMTU-D. It doesn't, even if the IP source address is 10.*. As long as the ICMP packet has the correct recipient address, it will arrive, and the (original) sender takes the appropriate actions -- it couldn't verify the validity of the ICMP packet's sender address anyway, be it 10.* or anything else. Besides, you could setup the configuration in a way so PMTU-D happens at the inbound interface, but not between the various routers that are linked by 10.* addresses. Likewise, ensure the routability of the packets is already checked at the inbound interface, so ICMP dst unreach packets will be sent from there. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712131437.PAA22262>