SUMMARY: Network MTU Size

From: Procter, Paul Mr (EDS) (edsbicapps58_at_dlo.gsi.gov.uk)
Date: 06/16/03

  • Next message: François Legal: "Solstice Admin Suite in NIS+ environment" 
    To: "'sunmanagers@sunmanagers.org'" <sunmanagers@sunmanagers.org>
Date: Mon, 16 Jun 2003 08:04:52 +0100

    Dear all,

    Many apologies (Thanks for the reminder Bruce) for not fully restating the question, I also realised that on re-reading my posting that I had not given a decent enough response. So apologies again.

    ========================================================================================

    Original Question:

    I have been requested to install a system requiring a MTU size of 1476. I have trawled the documentation and it would suggest that this is ok as long as the recieving network is set to the same or something managable.

    Has anyone lowered the default MTU value of 1500 with any success and also what are the pitfalls?

    ========================================================================================

    Response:

    Many Thanks to all thoses that responded to this question everyone seemes to suggest that this was ok but to be careful and 'keep an eye' on what happens to the network.

    The most comprehensive response I recieved was:

    / / /

    If your network hardware is configured properly, there's no problem.

    If you drop ICMP MTU discovery packets, you won't be able to pass
    any traffic.

    So make sure your network guys aren't doing the boneheaded (and
    against RFC 2979[1], see section 3.1.1) thing with their firewall,
    and you're fine.

    You'll still be screwed getting to OTHER broken sites, though, so
    you may want to make sure your clients are also not boneheaded. If
    your ISP drops ICMP, you're probably screwed.

    / / /

    So It looks as though we will be going ahead with the smaller MTU size and hopefully all should be ok.

    Again, many thanks,
    Paul Procter
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers

  • Next message: François Legal: "Solstice Admin Suite in NIS+ environment"

    Relevant Pages

    • Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]
      ... Otherwise the ISP is just ... My most recent contacts were in response to appeals here by "imhotep" ... got an abuse complaint for email coming from our network, ... system on a server that saw all traffic coming from the customer side ...
      (comp.os.linux.security)
    • R: SLA Security
      ... Maybe this one good parameters for a Security SLA? ... > response from downstream networks. ... > educational network. ...
      (Security-Basics)
    • RIAA filters, was Re: Stability in Feedback Amplifiers, Part Deux-A
      ... On page 526 of "Valve Amplifiers", the following formulas for the network ... Jones claims these formulas are exact. ... If you have a known accurate reverse eq network and reliable flat signal ... until the desired flat preamp response is achieved. ...
      (rec.audio.tubes)
    • Re: reaching website
      ... network and have no business reason to communicate with the domain. ... my first response is at our firewall layers which I have immediate control. ... Due to space and time consideration I tend to block a subnet ranges if something is occurring from a location that has not been defined as being business critical as a first response. ... I still stand by response for user to talk to his network administrators as they are the ones empowered to fix the issue versus user trying various methods on his own to work around the communication problem. ...
      (alt.computer.security)
    • [Full-Disclosure] Authorities eye MSBlaster suspect (long reply)
      ... Although segments of that network are cordoned off (and I ... the incident which requires the response. ... issues that that the old (and normally less secure) systems shall vanish. ... Recall that security balances against usability and resources. ...
      (Full-Disclosure)