[65674] in North American Network Operators' Group


Re: MTU path discovery and IPSec

daemon@ATHENA.MIT.EDU (Barney Wolff)
Thu Dec 4 18:10:54 2003

Date: Thu, 4 Dec 2003 18:03:38 -0500
From: Barney Wolff <barney@databus.com>
To: Valdis.Kletnieks@vt.edu
Cc: Joe Maimon <jmaimon@ttec.com>, nanog@merit.edu
In-Reply-To: <200312042254.hB4Mshps020121@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, Dec 04, 2003 at 05:54:42PM -0500, Valdis.Kletnieks@vt.edu wrote:
> On Thu, 04 Dec 2003 16:40:45 EST, Joe Maimon <jmaimon@ttec.com>  said:
> > I was wondering would it not be wiser for fraggers to frag in half 
> > instead of just the overflow?
> 
> There's 2 cases here:
> 
> 1) This is the final frag on the path - if PMTUD is in use, we want to frag
> right at the overflow so the connection can use the max (so if we're fragging
> from 1500 down to 1410, they end up with 1410 rather than 750).
> 
> 2) There's an even more restrictive frag further downstream.  We frag from 1500
> to 1460, and somebody else frags from 1460 down to 1410.  If you frag at overflow,
> you end up with a PMTU of 1410.  If you fragged it in half, you avoid the second
> frag but end up with a PMTU of 750.
> 
> After several dozen packets, the difference between 750 and 1410 will start to become
> noticeable.....

That's not how PMTUD works.  If DF is set, you discard the packet and
report back with ICMP.  If DF is not set, you frag the packet - but
that's not PMTUD, because no report ever goes back to the sender.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
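
The two behaviours contrasted in this message, as an added example that is not part of the original thread: a simulated path where a DF packet is dropped and reported via ICMP, while a non-DF packet is fragmented silently. The path MTUs 1500/1460/1410 come from the quoted text; the function names and the 20-byte header assumption are illustrative.

```python
IP_HDR = 20  # assumption: IPv4 header without options

def fragment(total_len, mtu):
    """Split one IPv4 packet (total length incl. header) to fit mtu.
    Every non-final fragment carries a payload that is a multiple of 8 bytes."""
    if total_len <= mtu:
        return [total_len]
    payload = total_len - IP_HDR
    chunk = (mtu - IP_HDR) // 8 * 8
    frags = []
    while payload > 0:
        take = min(chunk, payload)
        frags.append(take + IP_HDR)
        payload -= take
    return frags

def send(total_len, df, link_mtus):
    """Walk one packet across the path.
    Returns ('delivered', fragment sizes seen by the receiver) or
    ('icmp_frag_needed', next-hop MTU) when a router drops a DF packet."""
    packets = [total_len]
    for mtu in link_mtus:
        out = []
        for p in packets:
            if p > mtu and df:
                # ICMP type 3 code 4 goes back to the sender; RFC 1191
                # routers include the next-hop MTU in it.
                return ("icmp_frag_needed", mtu)
            out.extend(fragment(p, mtu))  # DF clear: fragment, no report
        packets = out
    return ("delivered", packets)

def discover_pmtu(first_size, link_mtus):
    """Sender side of PMTUD: always set DF, shrink on each ICMP report."""
    size, reports = first_size, []
    while True:
        status, info = send(size, True, link_mtus)
        if status == "delivered":
            return size, reports
        reports.append(info)
        size = info

PATH = [1500, 1460, 1410]  # constructed path using the MTUs from the thread

if __name__ == "__main__":
    print("DF clear:", send(1500, False, PATH))   # fragmented twice, sender learns nothing
    print("DF set:  ", discover_pmtu(1500, PATH)) # sender converges on the path MTU
```

With DF clear the receiver gets three fragments and the sender never sees an ICMP report, so it keeps sending 1500-byte packets; with DF set the sender receives one report per restrictive hop and settles on 1410.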
