[52741] in North American Network Operators' Group
Re: Broken PMTU (was: Who does source address validation? (was Re:what's that smell?))
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Oct 10 01:11:51 2002
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Thu, 10 Oct 2002 00:55:24 +0200."
<20021010004821.F85622-100000@sequoia.muada.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 10 Oct 2002 01:11:05 -0400
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 10 Oct 2002 00:55:24 +0200, Iljitsch van Beijnum said:
> You can also get around this by making the first hop the one with the
> lowest MTU. This is no fun for ethernet-connected stuff, but for dial-up
> this is easy. Then this box will announce a smaller TCP MSS when the
> connection is established and there aren't any problems.
Or equivalently, just nail the MSS size for off-site connections down to
512, and accept that you have to send 3 times as many packets as you probably
should. As far as I can tell from when pMTU *does* work because all parties
concerned actually use reasonable addresses and don't filter 'icmp frag needed',
you end up with one of 3 results most of the time:
1) You get a clear 1500 end-to-end.
2) You get an MTU of 1460 because of tunneling.
3) You end up ratcheted down to 576 because of some ancient IP stack someplace
(older versions of end-user SLIP/PPP are famous for this)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech