[ih] bufferbloat and modern congestion control (was 4004)
Alexander Schreiber
als at thangorodrim.ch
Sat Oct 5 12:59:52 PDT 2024
On Sat, Oct 05, 2024 at 12:50:13PM -0400, Vint Cerf via Internet-history wrote:
> isn't there more to ICMP than source quench? Seems wrong to ignore all ICMP
> messages.

Yes. A lot more; after all, it's called Internet _Control_ Message
Protocol for a reason. One of the more obvious signs of "some clown
along the packet path drops all ICMP" is path MTU being broken, because
the ICMP Fragmentation Needed packets never make it back to you. It
also (obviously) breaks ping, which is annoying, but not as much as PMTU
discovery breakage. And yes, there are still plenty of people on links
with "MTU < Ethernet packet size" due to e.g. VPNs and such.

The LinkedIn article in the previous mail has a good summary of the
things blocking ICMP breaks.

We've made fun of [censored] blocking ICMP "for security reasons" already
back in the 1990s when I first got on the Internet. I'm sure those on this
list older than me made fun of such people long before.

I'm disappointed, but not surprised, that there still seem to be people
who think "ICMP evil, only for h4x0rs, drop all". After all, there is
the evil bit (RFC3514) for easily blocking evil traffic. ;-)

On the other hand, networks blocking ICMP also helpfully announce to
the world "The [censored] in charge of our network have absolutely no
idea what they are doing and should not be in charge of anything more
complex than a simple broom".

And one (of many) ways to rile up competent networking folks is to
ask them (ideally looking all innocent and sincere if you can pull
that off) "So, blocking ICMP is just basic good network security policy,
right?" - be prepared to duck & run, though ;-)

Kind regards,
Alex.
--
"Opportunity is missed by most people because it is dressed in overalls and
looks like work." -- Thomas A. Edison
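
Added illustration, not part of the original message: a short Python sketch of what the sender loses when the ICMP Fragmentation Needed message (type 3, code 4, RFC 1191) is dropped on the way back. The addresses, ports, the 1400-byte VPN link and all function names are constructed for the example.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a valid message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes):
    """Return (next_hop_mtu, src, dst, proto) for a valid ICMP type 3 code 4
    message, else None. src/dst/proto identify the flow that was too big."""
    if len(icmp) < 8 + 20:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4) or inet_checksum(icmp) != 0:
        return None
    inner = icmp[8:]                      # original IPv4 header + 8 bytes
    if inner[0] >> 4 != 4:
        return None
    src = ".".join(map(str, inner[12:16]))
    dst = ".".join(map(str, inner[16:20]))
    return mtu, src, dst, inner[9]

def effective_pmtu(icmp_reply: bytes, icmp_dropped: bool, current: int = 1500) -> int:
    """Path MTU the sender ends up using for the flow."""
    if icmp_dropped:                      # "drop all ICMP" somewhere on the path
        return current                    # hint lost: full-size DF packets keep vanishing
    parsed = parse_frag_needed(icmp_reply)
    # Only ever lower the estimate; 68 is the IPv4 floor (RFC 791 / RFC 1191).
    return min(current, max(parsed[0], 68)) if parsed else current

def build_sample(mtu: int = 1400) -> bytes:
    """Constructed reply from a router in front of a 1400-byte VPN link."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                        bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    inner += struct.pack("!HHI", 40000, 443, 1)   # first 8 bytes of the TCP header
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    sample = build_sample()
    print("parsed:", parse_frag_needed(sample))
    print("PMTU with ICMP delivered:", effective_pmtu(sample, icmp_dropped=False))
    print("PMTU with ICMP dropped:  ", effective_pmtu(sample, icmp_dropped=True))
```

A filter that needs to restrict ICMP can still pass type 3 code 4 (and its ICMPv6 counterpart, Packet Too Big) so that the estimate above can converge.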