Also sprach Mike Andrews
Sure would be nice if we could just cluebat all the people that run websites that have that problem. Point them all to a site like
Hint to firewall administrators: DO NOT BLINDLY BLOCK ALL ICMP TRAFFIC. It's a dumb idea. Some ICMP is essential. This exact problem is why.
The problem is that its not always just firewalls that cause the problem. Load-balancing software and appliances (BigIP, Cisco LocalDirector, etc.) are notorious for not handling ICMP Fragmentation needed but DF set messages correctly. Those are a bit harder to deal with than firewall configs. :/ -- Jeff McAdams Email: jeffm@iglou.com Head Network Administrator Voice: (502) 966-3848 IgLou Internet Services (800) 436-4456