At 5:52 PM 2/11/95, Quentin Fennessy wrote:
> The IP addresses of our internal MX hosts are not routed
>on the Internet. Therefore none of our hardware would offer an
>ICMP message, I don't think. What I think happens for sites
>who attempt to connect to our internal MX hosts is that the
>default route for their Internet connection causes their packets
>to be sent out to some core internet backbone, and the backbone
>router reports back that the MX host is unreachable (ICMP message).
> I think I read in your message that your problem with
>my configuration is actually with sites who use this technique but
>do not return ICMP messages. If that is true, then we should pass
>your litmus test. (As long as the Internet core gateways remember
>that they don't know how to get to our internal network). Remote
>sites should get ICMP Host Unreachables as quickly as they can
>get to a core gateway.
A packet (destination = your internal network prefix) follows the path
of default routes until it reaches an Internet router which runs with
complete Internet routing and no default route. These routers (for no
apparent reason) are generally quite busy handling thousands of packets
_and_ processing significant inter-provider routing updates each minute.
You'd like this router to examine its entire routing table to determine
that indeed your network prefix is unknown, and then free up sufficient
memory and cpu resources to create and queue an ICMP unreachable packet?
It may not surprise you to find out that building such replies are not
exactly top priority, and you may not ever get that ICMP message if things
are too busy...
When you combine this situation with the reality that some SMTP gateways
are simply broken and will not try a second MX host under any circumstance
(one on-line service was notorious for such processing), you can understand
why a reachable initial MX host is considered a good idea.