What I suggested is a bit cleverer than that
Set the MTU to 64K
Set the MSS on the routers to the estimated path mtu
Now TCP generates frames the right size for optimal performance, everything
else hands down full datagrams and the world is a happier place.
You can't run path MTU discovery with IPsec. The DF could be faked and aimed
at dropping your link to unusably low speeds. Ignoring the DF could equally
be a complete link failure. So you don't run mtu discovery.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/