[21929] in North American Network Operators' Group
Re: SOLVED! The cause of puzzling TCP (eg. WHOIS) connection failures with some InterNIC.net hosts
daemon@ATHENA.MIT.EDU (Mark Kosters)
Tue Nov 24 11:41:46 1998
Date: Tue, 24 Nov 1998 11:07:40 -0500
From: Mark Kosters <markk@internic.net>
To: "Greg A. Woods" <woods@weird.com>,
North America Network Operators Group <nanog@merit.edu>,
NetBSD Networking Technical Discussion List <tech-net@NetBSD.ORG>
Cc: Mark Kosters <markk@internic.net>
In-Reply-To: <m0zgy3D-0009LDC@most.weird.com>; from Greg A. Woods on Fri, Nov 20, 1998 at 04:25:11PM -0500
On Fri, Nov 20, 1998 at 04:25:11PM -0500, Greg A. Woods wrote:
> The problem has to do with the failure of a host to fragment larger
> packets on demand (i.e. when the other host sends an ICMP "needs frag"
> notification). This may be because the ICMP packet never gets through
> (perhaps someone who didn't understand TCP/IP and ICMP and everything
> else related implemented a filter on all "abnormal" ICMP packets); or it
> may be because the receiving host doesn't understand the ICMP "needs
> frag" request (and also doesn't implement path MTU discovery, or have I
> got that backwards?).
>
> No matter what the problem really is, I'm sure a *lot* of people would
> be much happier if this problem were fixed, specifically for the WHOIS
> service (though I've also had troubles receiving HTTP too). I got quite
> a few replies about similar experiences when I first posted about this
> on NANOG recently.
Thanks Greg for the good information.
The InterNIC load balancers (BigIP made by F5 Labs) do have a problem with
path MTU discovery. We have taken a short term fix of turning off path MTU
discovery on the hosts behind BigIP until F5 issues a fix.
Regards,
Mark
--
Mark Kosters markk@internic.net InterNIC Registration Services
PGP Key fingerprint = 1A 2A 92 F8 8E D3 47 F9 15 65 80 87 68 13 F6 48
I am not a spokesperson for NSI. Anything I write or say is my personal
opinion and in no way should be interpreted as NSI's official position.
