Hierarchical routing, not routing protocols: from far-end points to backbone
and back out. Different interfaces support different MTUs. In this context,
let's say your lowest common denominator starts at (a maximum of) 64000 MTU,
from your GBit. Jumbo frames. Somewhere in that range I think. Let's say
your pipe to the internet is an OC-3, an edge router. What is that, 9172
MTU? Your MTU has just been sliced and diced and PMTU-D, from its return
"Packet too big" ICMPs, has cut it down to size. You basically said it
already, and in fact the RFC defines this as well, though does not go into
further detail. This is what I think is meant by hierarchical routing.
Concerning ACLs, I don't see a problem filtering ICMPs using source and
destination addresses. An admin's source and destination address or just
his/her source being permitted? I believe there are also methods of
filtering ICMP types as well, as defined in RFC1700?
Yes, networks are private, and using firewalls helps keep them that way. Can
you login to a private network? Just because you can ping does not grant you
access. And just because they have an internet line does not make them
public domain.
Marc
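
An added example, not part of the original post: a small Python simulation of the two points discussed above, an edge ACL that filters ICMPv6 by type and source address, and path MTU discovery that depends on "Packet Too Big" messages getting through that ACL. The addresses, the admin prefix, the link MTUs and the function names are constructed for illustration.

```python
import ipaddress

ECHO_REQUEST, PACKET_TOO_BIG = 128, 2                  # ICMPv6 type numbers
ADMIN_NET = ipaddress.ip_network("2001:db8:ad::/48")   # constructed admin prefix


def acl_permits(icmp_type, src, allow_ptb=True):
    """Edge ACL for inbound ICMPv6: decide by type, then by source address."""
    if icmp_type == PACKET_TOO_BIG:
        return allow_ptb                # PMTU discovery needs this type
    if icmp_type == ECHO_REQUEST:
        return ipaddress.ip_address(src) in ADMIN_NET   # ping only from admins
    return False                        # default deny for every other type


def discover_pmtu(link_mtus, router_addrs, allow_ptb=True, max_tries=10):
    """Simulate a sender probing a path.

    link_mtus[0] is the sender's own link; each later link is reached through
    the router at the same position in router_addrs. Returns the learned path
    MTU, or None when the Packet Too Big reply is filtered and the sender's
    large packets vanish without feedback (a PMTU black hole).
    """
    pmtu = link_mtus[0]
    for _ in range(max_tries):
        for mtu, router in zip(link_mtus[1:], router_addrs):
            if pmtu > mtu:
                # The router drops the packet and reports the next-hop MTU.
                if not acl_permits(PACKET_TOO_BIG, router, allow_ptb):
                    return None         # report filtered: sender never learns
                pmtu = mtu              # sender shrinks and retries
                break
        else:
            return pmtu                 # packet fitted every link on the path
    return None


# Constructed path: jumbo-frame LAN, a mid-size backbone link, a 1500-byte edge.
PATH = [9000, 4470, 1500]
ROUTERS = ["2001:db8:1::1", "2001:db8:2::1"]

if __name__ == "__main__":
    print("PTB permitted:", discover_pmtu(PATH, ROUTERS))
    print("PTB filtered: ", discover_pmtu(PATH, ROUTERS, allow_ptb=False))
    print("ping from admin:", acl_permits(ECHO_REQUEST, "2001:db8:ad::5"))
    print("ping from other:", acl_permits(ECHO_REQUEST, "2001:db8:ffff::5"))
```
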