ICMP packets

Michael Niksch nik at zurich.ibm.com
Fri Oct 4 09:45:45 UTC 2002

There are operating systems, e.g. AIX, that have path mtu discovery
turned on by default. This means whenever they talk to a new address,
they create an explicit entry in the routing table which holds the
maximum mtu size that can be used on the path to that address. In order
to discover that size, they try ICMP echo requests of various packet
sizes with the no-fragment bit turned on. From time to time, they try
to revalidate the path mtu size. Unfortunately, I have seen situations
where such routing table entries weren't cleaned up, even if they
hadn't been used for ages (probably because the operating system
counted that revalidation itself as another use).

For servers like DNS servers, which tend to talk to a very large number
of clients, path mtu discovery is a rather bad idea. If your server has
turned it on, just turn it off. However, as your echo requests are
inbound, it looks more as if a large fraction of your clients might
have it turned on. If you have no way to change that, you might
consider using a firewall to drop all the inbound echo requests and
thus reduce the load on your actual server.

Michael Niksch                     /Zurich/IBM @ IBMCH
IBM Zurich Research Laboratory     nik at zurich.ibm.com
Saeumerstrasse 4                   http://www.zurich.ibm.com/~nik/
CH-8803 Rueschlikon / Switzerland  P: +41-1-724-8913 F: +41-1-724-8080
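Before dropping inbound echo requests at a firewall, it is worth confirming that what the server sees really is PMTU probing from many clients rather than a few noisy pingers. The script below is an added example, not code from the poster or from ISC; it tallies inbound ICMP echo requests per source from tcpdump-style lines and flags sources whose probes carry the DF bit and arrive in several sizes, which is the pattern the post describes. The server address, the one-line `tcpdump -v -n icmp` output format, and every sample line are assumptions constructed for the example.

```python
"""Tally inbound ICMP echo requests per source from tcpdump-style lines.

A host doing path MTU discovery by ICMP probing (as the post describes for
AIX) sends echo requests of several sizes with the DF flag set.  A plain ping
client sends one fixed size, normally without DF.  Grouping by source and
looking at DF + size spread separates the two.

Assumptions: input is the single-line form of `tcpdump -v -n icmp` output,
and SERVER is the address of the name server being probed.  The sample
capture below is constructed for this example, not a real trace.
"""
import re
from collections import defaultdict

SERVER = "198.51.100.5"  # assumed address of the DNS server (documentation range)

# Constructed sample lines in tcpdump -v -n style.  Not a real capture.
SAMPLE = """\
09:45:45.000001 IP (tos 0x0, ttl 60, id 1001, offset 0, flags [DF], proto ICMP (1), length 1500) 192.0.2.10 > 198.51.100.5: ICMP echo request, id 7, seq 1, length 1480
09:45:45.000002 IP (tos 0x0, ttl 60, id 1002, offset 0, flags [DF], proto ICMP (1), length 1006) 192.0.2.10 > 198.51.100.5: ICMP echo request, id 7, seq 2, length 986
09:45:45.000003 IP (tos 0x0, ttl 60, id 1003, offset 0, flags [DF], proto ICMP (1), length 576) 192.0.2.10 > 198.51.100.5: ICMP echo request, id 7, seq 3, length 556
09:45:45.000004 IP (tos 0x0, ttl 64, id 2001, offset 0, flags [none], proto ICMP (1), length 84) 203.0.113.7 > 198.51.100.5: ICMP echo request, id 9, seq 1, length 64
09:45:45.000005 IP (tos 0x0, ttl 64, id 2002, offset 0, flags [none], proto ICMP (1), length 84) 203.0.113.7 > 198.51.100.5: ICMP echo request, id 9, seq 2, length 64
09:45:45.000006 IP (tos 0x0, ttl 55, id 3001, offset 0, flags [DF], proto ICMP (1), length 1500) 192.0.2.44 > 198.51.100.5: ICMP echo request, id 3, seq 1, length 1480
09:45:45.000007 IP (tos 0x0, ttl 64, id 4001, offset 0, flags [none], proto ICMP (1), length 84) 198.51.100.5 > 192.0.2.10: ICMP echo reply, id 7, seq 1, length 64
"""

# Pull the IP flags, the total IP length, source and destination of each
# echo request.  Replies and non-echo ICMP do not match and are skipped.
LINE_RE = re.compile(
    r"flags \[(?P<flags>[^\]]*)\].*?length (?P<iplen>\d+)\) "
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo request"
)


def tally_echo_requests(text, server):
    """Return {src: {count, df, sizes, likely_pmtu_probe}} for echo requests
    addressed to `server`.  sizes is the sorted list of distinct IP total
    lengths seen from that source; likely_pmtu_probe is set when every
    probe carried DF and at least two different sizes were tried."""
    per_src = defaultdict(lambda: {"count": 0, "df": 0, "sizes": set()})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("dst") != server:
            continue
        entry = per_src[m.group("src")]
        entry["count"] += 1
        if "DF" in m.group("flags"):
            entry["df"] += 1
        entry["sizes"].add(int(m.group("iplen")))

    summary = {}
    for src, e in per_src.items():
        sizes = sorted(e["sizes"])
        summary[src] = {
            "count": e["count"],
            "df": e["df"],
            "sizes": sizes,
            "likely_pmtu_probe": e["df"] == e["count"] and len(sizes) >= 2,
        }
    return summary


def probing_fraction(summary):
    """Fraction of distinct sources that look like PMTU probers."""
    if not summary:
        return 0.0
    probers = sum(1 for e in summary.values() if e["likely_pmtu_probe"])
    return probers / len(summary)


if __name__ == "__main__":
    result = tally_echo_requests(SAMPLE, SERVER)
    for src, e in sorted(result.items()):
        tag = "PMTU probe" if e["likely_pmtu_probe"] else "other"
        print(f"{src:15} n={e['count']} df={e['df']} sizes={e['sizes']} {tag}")
    print(f"fraction of sources probing: {probing_fraction(result):.2f}")
```

Feed it real data with `tcpdump -v -n -l icmp and dst host <server>` piped in, and look at the fraction and at the size spread: a single source sending one DF-marked packet (as 192.0.2.44 above) is not enough evidence on its own, so the script only flags sources that tried several sizes. If the result supports the firewall approach from the post, drop only echo requests (ICMP type 8) and keep ICMP type 3 code 4 "fragmentation needed" messages flowing, otherwise the server's own outbound path MTU discovery breaks. On AIX the tunables behind "turn it off" are `tcp_pmtu_discover` and `udp_pmtu_discover`, set with `no -o`.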

More information about the bind-users mailing list