On Sat, Sep 02, 2000 at 04:12:04PM +0200, Elmer Joandi wrote:
> Alan Cox wrote:
>
> > > There are a -lot- of large sites that give us issues like this.
> >
> > So mail lots of people. Cisco are I think now aware that their firewall
> > products dont handle ECN correctly but others might not be.
> >
> > Or wait until more vendors roll out ECN
>
> There is another big problem like that...
> tunnels actually do not work on todays real internet...
> MTU 1500 is so much a standard that it starts killing tunnels.
> MTU < 1500 is not a working solution today thanks to (mostly
> linux based ? ) broken firewalls
I don't think they're mostly linux based. You can easily do
that misconfiguration with most firewalls (i've often see it
with Checkpoint for example)
Usually you can have a reasonable workaround by using a smaller
MSS (at least until non TCP pmtudisc isn't more widely deployed)
-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Sep 07 2000 - 21:00:13 EST