Path MTU discovery in the presence of security gateways

Document Type Expired Internet-Draft (individual)
Author Michael Richardson 
Last updated 1998-09-04
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes the problem of getting accurate Path MTU infor- mation in the presence of untrusted routers. Typical Path MTU discovery is done by sending packets with the don't fragment bit set, and listen- ing for ICMP messages from routers that want to fragment the packets. Unfortunately, these messages could be forged, and IPsec based security system(s) can not pass make direct use of these messages. An alternate, backwards compatible algorithm is suggested.


Michael Richardson (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)