Nortel Networks 620 User Manual

Advanced Features

E-DOC-CTC-20051017-0169 v0.1

Don’t Fragment bit

[force_df]

IPSec encryption increases the packet length. When the MTU of a link is adjusted to 
pass the largest IP packet unfragmented, then messages encapsulated by IPSec will 
not pass if the Don’t Fragment bit is set. In some cases, it might be required to 
influence the fragmentation behaviour to remedy such problems.

The SpeedTouch™ allows treating the DF bit in three different ways:

Pass the DF bit unchanged.

Force the DF bit to zero. With the DF bit cleared, fragmentation is allowed. 

Force the DF bit to one. With the DF bit set, fragmentation of messages is not 
allowed.

Minimal MTU [min_mtu]

This option sets the minimal negotiated value of the “Maximum Transmission Unit” 
(the largest packet size). The fact that no lower value than this minimal value is 
accepted forms a protection against an attack with ICMP “fragmentation needed” 
messages.

Add Route [add_route] 

This option is relevant in routed mode only. The option determines whether or not 
routes are automatically added to the routing table.

When enabled, a route to the remote red network is automatically added to the 
routing table, via the Physical Interface of the peer to which the connection is 
attached.

When disabled, the routing table has to be adapted manually in order to ensure IP 
connectivity between the local and remote red networks.

force_df

Possible values

default value

pass                    force_set               
force_clear

pass                    

min_mtu

Unit

default value

octets

1000

add_route

Possible values

default value

enabled
disabled

enabled