>>>>> On Wed, 23 Mar 1994 07:08:57 -0700 (MST), jpf @
mig .
com (Jack
jpf> Flory) said: Content-Length: 785
>>>>>> On Mon, 21 Mar 1994 16:41:42 -0800, Andrew Purshottam
> andy> <andy @
autodesk .
com> said: Content-Length: 925
>
> andy> what is happening is that the paranoid cisco is returning ICMP
> andy> unreachable for my companies net, and this is causing all
> ...
> andy> squish but needing only a finger to activate? Is there any
> andy> easy way to prevent this behavior?
>
>use cisco's interface command 'no ip unreachables' on the border
>router's outer interface. That should fix it.
>
jpf> Yes, this will screen the ICMP packets. The down side is that all
jpf> ICMP Unreachables would be screened, causing true unreachable connections
jpf> to appear to hang until the connection timed out. If the cause
of
Squashing outgoing network unreachables from an internet leaf node
(most firewalled sites) should not really cause much loss of
functionality, and it fixes the problem.
jpf> Andy's problem is the kernel bug, an OS upgrade is probably the
jpf> best solution.
Trying to get another site to put in the work of an OS upgrade because
of a peculiarity with your site is guaranteed to be the slowest way to
get your problem fixed.
Does anyone know if solaris 2.x has eliminated the dest. unreachable
bug??
-Rens
References:
|
|
