[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ICMP must fragment and IPsec

To: vjs@mica.denver.sgi.com, TCP-IMPL@RELAY.ENGR.SGI.COM, IPSEC@tis.com
Subject: Re: ICMP must fragment and IPsec
From: VOLZ@process.com (Bernie Volz)
Date: Mon, 23 Jun 1997 09:42 -0400
Sender: owner-ipsec@ex.tis.com

>What is this "other end"?
>If talking to the other end of a TCP connection were enough, then the
>MSS negotiation would be enough and the Path MTU Discovery mechanism
>would not be needed.  In fact, the MSS negotiation is often not enough
>because a vast number of boxes between the ends might legitimately tell
>you to reduce your MTU.

Please don't confuse MSS with MTU. The Maximum Segment Size has
*NOTHING* to do with MTU. The MSS reflects what the maximum segment
size a TCP implementation is willing and able to receive and that
has nothing to do with the MTU of an interface.

For example ... if MSS was MTU, what would happen if a multi-homed host
with an Ethernet and FDDI interface switched a connection from Ethernet
(w/MTU of 1500) to FDDI (w/MTU of 4352). You would *NOT* have wanted TCP
to send an MSS with only 1500.

- Bernie Volz
  Process Software Corporation

Prev by Date: RE: A little social engineering
Next by Date: request for time at IPsec session in Munich
Prev by thread: Re: ICMP must fragment and IPsec
Next by thread: Re: ICMP must fragment and IPsec
Index(es):
- Main
- Thread