> The even stranger case was when there was a Linux box doing forwarding that had segment offload left on. It was taking in several 1500 byte TCP packets from one side, smashing them into ~9000 byte monsters, and then tried to send those over a VPNish network interface that absolutely couldn't handle that. Even if the network in the middle bothered to generate the ICMP too big message, the source would have been thoroughly confused because it never sent anything over 1500.

This is an old Linux tcp offloading bug; large receive offload smooshes the inbound packet, then it's too big to forward.

I had to track down the other side of this. FreeBSD used to resend the whole send queue if it got a too big message, even if the size did not change. Sending all at once made it pretty likely for the broken forwarder to get packets close enough to do LRO, which resulted in large enough packet sending to show up as network problems.

I don't remember where the forwarder seemed to be, somewhere far away, IIRC.

> PMTU just doesn't feel reliable to me because of poorly behaved boxes in the middle. The worst offender I've had to deal with was AWS Transit Gateway, which just doesn't bother sending ICMP too big messages.

Passive PMTUD does NOT depend on ICMP messages.

L2 not generating errors is expected behaviour - all ports on the L2 network are supposed to have the same MTU set

They recently started supporting pmtud on tgw. But it wasn't a big deal really as it adjusted mss instead.

That particular one, only TCP. There is a different one for UDP applications: https://www.rfc-editor.org/rfc/rfc8899

Because UDP is only a very thin layer, each layer on top (eg, QUIC) has to implement PLPMTUD; although, recently IETF standardised a way to extend UDP to have options and PLPTMUD is also specified for that: https://datatracker.ietf.org/doc/draft-ietf-tsvwg-udp-option...

You can implement passive PMTUD with UDP if you like. It's more work for you, but it's perfectly doable.