[39603] in North American Network Operators' Group
Re: PPPOE, MTU, and boom.
daemon@ATHENA.MIT.EDU (Scott Silzer)
Wed Jul 18 03:55:45 2001
Mime-Version: 1.0
Message-Id: <p0510030ab77af10d71c7@[192.168.1.69]>
Date: Wed, 18 Jul 2001 03:53:52 -0400
To: nanog@nanog.org
From: Scott Silzer <scotts@iprimus.ca>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Errors-To: owner-nanog-outgoing@merit.edu
I have found 4 ways to get around the problem:
1) A somewhat effective fix is to have your users use a cache/proxy server.
2) Have your users lock there MTU to 1492 not 1500.
3) Some CPE routers will force 1492 MTU sessions.
4) Try to explain that ICMP is not just pings rate limit it don't drop it.
Cisco's writeup on the problem:
http://www.cisco.com/warp/public/794/router_mtu.html
At 7:53 +0100 7/18/01, Simon Lockhart wrote:
> >I have confirmed that when I block all ICMP to/from a website, we cannot
>>browse that site -- which is somewhat obivious. The question is, how, as
>>an internet community as a whole, do we fix this?
>>
>>Seems to me that most people using PPPOE would have a problem here. Or, am
>>I alone?
>>
>>My testing has been limited to Win2k, but I've heard similar reports on
>>WinME, 98, etc.
>
>We've come across this too, and spent quite a while diagnosing. The
>problem exists wherever there's an MTU reduction, and is caused by a
>combination of ICMP filtering (breaks PMTUD), and Microsoft's attempt at
>PMTUD (they just set the DF bit on all packets and expect to get an ICMP
>reply back if the packet is too large).
>
>Simon
>--
>Simon Lockhart | Tel: +44 (0)1737 839676
>Internet Engineering Manager | Fax: +44 (0)1737 839516
>BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk
>Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
--
Scott A Silzer
