[103157] in North American Network Operators' Group
Re: mtu mis-match
daemon@ATHENA.MIT.EDU (Pekka Savola)
Thu Mar 20 04:08:56 2008
Date: Thu, 20 Mar 2008 10:07:45 +0200 (EET)
From: Pekka Savola <pekkas@netcore.fi>
To: ann kok <annkok2001@yahoo.com>
cc: nanog@merit.edu
In-Reply-To: <868830.11903.qm@web53307.mail.re2.yahoo.com>
Errors-To: owner-nanog@merit.edu
On Wed, 19 Mar 2008, ann kok wrote:
> Some DSL clients, some are working fine.
> (browsing...ping ...)
>
> Some DSL clients have this problem
> they can't browse the sites.
> they can ssh the host but couldn't run the command in
> the shell prompt
> ping packets are working fine (no packets lost)

Seems like when the first packet that exceeds MTU (I guess 1492)
on the path is sent, you get a PMTU blackhole. You will see the same
problem if you ping with big packets.

As to why some clients work and others do not -- a good question. I
have some theories on this point (different behaviour wrt setting DF
bit; no MSS clamping and some DSL clients have MTU=1492 exposed to the
user, others have a middlebox router which shows MTU=1500; some
others).

You may want to check that both ends are receiving ICMP packet too big
messages (i.e. a firewall doesn't filter them out).

--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings
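
The big-packet ping test and the ICMP check suggested in the message above, as an added example that is not part of the original post: it binary-searches the largest DF-set echo payload that gets through and reports whether oversized probes draw an ICMP error (PMTU discovery works) or vanish silently (blackhole). It assumes Linux iputils ping; simulated_path is a constructed stand-in so the logic runs offline, and all function names are hypothetical.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options

def ping_probe(host, payload):
    """One DF-set echo via Linux iputils ping: 'ok', 'toobig' or 'silent'."""
    r = subprocess.run(
        ["ping", "-c", "1", "-W", "1", "-M", "do", "-s", str(payload), host],
        capture_output=True, text=True)
    if r.returncode == 0:
        return "ok"
    out = (r.stdout + r.stderr).lower()
    # "frag needed" or a local "message too long" error: the sender was told the MTU.
    if "frag needed" in out or "message too long" in out:
        return "toobig"
    return "silent"  # dropped with no ICMP error: the blackhole symptom

def simulated_path(mtu, icmp_filtered):
    """Constructed stand-in for a real path, for offline runs."""
    def probe(payload):
        if payload + IP_ICMP_OVERHEAD <= mtu:
            return "ok"
        return "silent" if icmp_filtered else "toobig"
    return probe

def diagnose(probe, lo=548, hi=1472):
    """Binary-search the largest DF echo payload in [lo, hi] that gets through."""
    if probe(lo) != "ok":
        return {"verdict": "unreachable"}
    failure = probe(hi)
    if failure == "ok":
        return {"verdict": "no-limit", "path_mtu": hi + IP_ICMP_OVERHEAD}
    while hi - lo > 1:
        mid = (lo + hi) // 2
        result = probe(mid)
        if result == "ok":
            lo = mid
        else:
            hi, failure = mid, result
    mtu = lo + IP_ICMP_OVERHEAD
    verdict = "pmtud-ok" if failure == "toobig" else "blackhole"
    return {"verdict": verdict, "path_mtu": mtu, "mss_clamp": mtu - IP_TCP_OVERHEAD}

if __name__ == "__main__":
    # With a host argument, probe it for real; otherwise use a constructed 1492-byte path.
    real = len(sys.argv) > 1
    probe = (lambda n: ping_probe(sys.argv[1], n)) if real else simulated_path(1492, True)
    print(diagnose(probe))
```

A single lost echo also reads as "silent", so repeat the run before concluding that ICMP errors are being filtered.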