MoinQ:

Path_MTUについて、ここに記述してください。

https://en.wikipedia.org/wiki/Path_MTU_Discovery

PMTUD is standardized for IPv4 in RFC 1191 and for IPv6 in RFC 1981.

RFC 4821 describes an extension to the techniques that works without support from Internet Control Message Protocol.

Path MTU discovery in practice 04 Feb 2015 by Marek Majkowski. https://blog.cloudflare.com/path-mtu-discovery-in-practice/

/marek

ICMP blackhole check http://icmpcheck.popcount.org/

/blackhole


Many network security devices block all ICMP messages for perceived security benefits,[6] including the errors that are necessary for the proper operation of PMTUD. This can result in connections that complete the TCP three-way handshake correctly, but then hang when data is transferred. This state is referred to as a black hole connection.[7]

1. Matthias,

Path MTU Discovery Considered Harmful https://ieeexplore.ieee.org/document/8416351

Abstract: Path MTU Discovery (PMTUD) allows to optimize the performance in the Internet by identifying the maximal packet size that can be transmitted through a network.

Despite the central role that PMTUD plays in the Internet communication, it has a long history of software bugs, failures and misconfigurations.

In this work we explore the benefits versus drawbacks of PMTUD in the Internet from the clients and servers perspective.

First, we examine the fraction of clients that use PMTUD. To that end we analyse ICMP PTB messages in CAIDA Internet Traces and show that the fraction of networks using PMTUD is negligible and that this number is further decreasing over the period of 2008 - 2016.

Second, we evaluate the fraction of popular web servers that support the PMTUD mechanism and show that a large number of the servers block "ICMP packet too big" messages.

On the other hand, we show easy and efficient - even though well-known - degradation of service attacks that exploit the availability of PMTUD. Since the benefit of PMTUD is questionable, and in contrast it exposes to degradation of service attacks, we advocate to stop using it. As with any new change in the Internet, the implications of our recommendation should be carefully evaluated and gradually implemented.

In the meanwhile, we provide recommendations for mitigations against the degradation of service attacks.