Elmer Joandi wrote:
> Alan Cox wrote:
> > > There are a -lot- of large sites that give us issues like this.
> > So mail lots of people. Cisco are I think now aware that their firewall
> > products don't handle ECN correctly but others might not be.
> > Or wait until more vendors roll out ECN
> There is another big problem like that...
> tunnels actually do not work on today's real internet...
> MTU 1500 is so much a standard that it starts killing tunnels.
> MTU < 1500 is not a working solution today thanks to (mostly
> Linux based?) broken firewalls
The "broken" firewalls are those who block ICMP naively. I use tunnels
great and the mostly perfect solution is to set the outbound route and
interface MTU to 1476. Works great, lasts a long time. And for the record
-every- time I have found a broken firewall dropping packets it has not been
a Linux based system.
Set your networking up right and it works right. People complain about
broken things but it almost always is poor understanding (mine included) of
how things work and having improperly set things up. True, documentation is
often sparse but we'll get there.
--
"The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' - the pig was 'committed'."
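
The failure mode discussed in this message, as an added example that is not part of the original post: a router on the tunnel path answers an oversized DF packet with ICMP type 3 code 4 ("fragmentation needed", RFC 1191), and a firewall that drops all ICMP keeps the sender from ever learning the smaller MTU. The 24-byte GRE-over-IPv4 overhead, the policy names and all function names are assumptions made for the illustration.

```python
import struct

GRE_OVERHEAD = 20 + 4  # assumed encapsulation: outer IPv4 header + basic GRE header

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(next_hop_mtu: int, quoted: bytes) -> bytes:
    """Constructed ICMP type 3 code 4 message, RFC 1191 layout."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    frag_needed = (icmp_type, code) == (3, 4)
    return {"type": icmp_type, "code": code,
            "checksum_ok": inet_checksum(msg) == 0,
            "frag_needed": frag_needed,
            "next_hop_mtu": mtu if frag_needed else None}

def firewall_verdict(msg: bytes, policy: str) -> str:
    """'naive' drops every ICMP message; 'pmtud-aware' passes valid type 3 code 4."""
    info = parse_icmp(msg)
    if policy == "pmtud-aware" and info["frag_needed"] and info["checksum_ok"]:
        return "ACCEPT"
    return "DROP"

def sender_path_mtu(current: int, msg: bytes, policy: str) -> int:
    """MTU the sender uses after the router's ICMP reply meets the firewall."""
    if firewall_verdict(msg, policy) == "DROP":
        return current  # sender never learns; full-size DF packets keep vanishing
    return min(current, parse_icmp(msg)["next_hop_mtu"])

# Constructed sample: a tunnel router reporting the 1476-byte MTU from the post.
SAMPLE = build_frag_needed(1500 - GRE_OVERHEAD, quoted=bytes(28))

if __name__ == "__main__":
    for policy in ("naive", "pmtud-aware"):
        print(policy, firewall_verdict(SAMPLE, policy),
              sender_path_mtu(1500, SAMPLE, policy))
```

Under the naive policy the sender stays at 1500 and large packets black-hole, which is the situation the static 1476 route and interface MTU in the message works around.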
This archive was generated by hypermail 2b29 : Thu Sep 07 2000 - 21:00:13 EST