Forum Discussion
Thanks, guys, for the responses.
To answer Q1 - yes, regular packet forwarding is a non-issue. I went through the extra step of creating ICMP virtual forwarders (locked to protocol number 1). I have default IP forwarders that listen for all protocols.
To answer Q2 - I'm running 11.4.1. I reviewed that SOL yesterday, and the odd part is that I actually never receive the Type 3 Code 4s that this bug mentions.
It smacks of a "simple" MTU issue, where payload sizes <= 1454 work. Again, though, all VLAN MTUs are set to 1500.
As I was about to type my next statement about upstream switch interface MTU (they support jumbo frames), I'm now wondering if perhaps this could be an issue. Hmm. Running .1Q over an upstream interface that has an MTU of 9198 bytes. I'd expect TCP to deal with this when it sets up a connection (using its advertised MSS), but I believe ICMP would not be able to fragment if fragmentation was needed. The downstream and upstream user paths are all MTU 1500, and thus why 99.9% of my traffic flows are forwarded without issue.
Let me pursue this angle and I'll post back my findings. I welcome everyone's thoughts as well.