[harden-mac:0114] Fw: PMTUD breakage at www.apple.com and downloads.apple.com

[itojun@xxxxxxxxxx (Jun-ichiro itojun Hagino)]

	apple.com配下のweb serverは、ほとんど全てPMTUDが壊れていて
	フレッツADSL配下等、MTUの小さいリンクの裏側からではsoftware updateが
	動きません。わたしは大層困っています。
	(MSS clampingなんか絶対したくない)

itojun

--- Begin Message ---

• To: product-security@xxxxxxxxx
• Subject: PMTUD breakage at www.apple.com and downloads.apple.com
• From: Jun-ichiro itojun Hagino <itojun@xxxxxxxxxx>
• Date: Mon, 23 Sep 2002 11:11:23 +0900

        it seems that www.apple.com and downloads.apple.com machine has PMTUD
	breakage.  this prohibits Software Update, nor web browsing, from
	functioning from behind networks with smaller MTU (very common in DSL
	settings), like:

	apple servers
	  | MTU=1500
	router A
	  | MTU=1500
	router B
	  | MTU=1400
	router C
	  | MTU=1500
	MacOS X machines

        (these machines themselves turn PMTUD on, and you have some
        router like router A filtering ICMP need fragment message from router B
	to apple servers).

        to fix it, do either of the following:
        - turn PMTUD off on the machines
        - don't filter ICMP need fragment on your routers

        it could be issue with with web load balancing product you are
        using, so you may want to contact the vendor.

        for more problem details, see RFC2923.

itojun

--- End Message ---