Skip to main content

Path MTU discovery in the presence of security gateways

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Michael Richardson
Last updated 1998-09-04
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document describes the problem of getting accurate Path MTU infor- mation in the presence of untrusted routers. Typical Path MTU discovery is done by sending packets with the don't fragment bit set, and listen- ing for ICMP messages from routers that want to fragment the packets. Unfortunately, these messages could be forged, and IPsec based security system(s) can not pass make direct use of these messages. An alternate, backwards compatible algorithm is suggested.


Michael Richardson

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)