Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Broken PMTU (was: Who does source address validation? (was Re: what's that smell?))

  • From: Tony Rall
  • Date: Thu Oct 10 18:09:26 2002

On Thursday, 2002-10-10 at 00:55 ZE2, Iljitsch van Beijnum 
<iljitsch@muada.com> wrote:
> You can also get around this by making the first hop the one with the
> lowest MTU. This is no fun for ethernet-connected stuff, but for dial-up
> this is easy. Then this box will announce a smaller TCP MSS when the
> connection is established and there aren't any problems.

Traffic consists of more than tcp; setting your mtu low might get your tcp 
traffic delivered but won't help inbound traffic using other protocols.

MTU discrepancies must be dealt with in at least one of the following ways 
if you don't want them to lead to fatally dropped packets:

1. Fragmentation must work.  This applies to systems that don't use PMTUD 
or use blackhole detection.  (Some folks think it a good "security" 
practice to drop fragments!  Some nat boxes don't know what to do with 
fragments when they arrive out of order - especially a non-initial 
fragment before the first.)

2. PMTUD must work. 

3. PMTUD blackhole detection must be used with operable fragmentation. (If 
you have to fall back to this you're likely to suffer significant 
performance hits.)

Tony Rall
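
The three cases listed in the message above, worked through as a small added model (example code, not part of the original post). It follows one oversized IPv4 packet across a path and reports whether it arrives; the function names, the 20-byte header without options, and the link MTUs are assumptions constructed for illustration.

```python
# Added illustration: a toy model of one IPv4 packet crossing a path of links.
IP_HEADER = 20  # bytes; IPv4 header without options (assumption)

def fragment_sizes(packet_len, mtu):
    """Total lengths of the IPv4 fragments a router emits to fit `mtu`."""
    payload = packet_len - IP_HEADER
    step = (mtu - IP_HEADER) // 8 * 8  # non-final fragment payloads are multiples of 8
    sizes = []
    while payload > 0:
        chunk = min(step, payload)
        sizes.append(chunk + IP_HEADER)
        payload -= chunk
    return sizes

def fragment_along(packet_len, path_mtus):
    """Fragment hop by hop, as routers do when DF is clear."""
    pieces = [packet_len]
    for mtu in path_mtus:
        pieces = [f for p in pieces
                  for f in (fragment_sizes(p, mtu) if p > mtu else [p])]
    return pieces

def outcome(packet_len, path_mtus, pmtud, icmp_returns, fragments_pass,
            blackhole_detection=False):
    """Return (delivered, how) for a sender's packet of `packet_len` bytes."""
    if packet_len <= min(path_mtus):
        return (True, "fits")
    if pmtud:  # DF set: the bottleneck router drops and sends ICMP "frag needed"
        if icmp_returns:
            return (True, "pmtud")  # case 2: sender shrinks to min(path_mtus)
        if not blackhole_detection:
            return (False, "black hole")  # ICMP filtered, sender never learns
        # case 3: sender gives up on DF after retransmissions, needs fragmentation
    if fragments_pass:  # case 1 (or the case 3 fallback)
        return (True, f"{len(fragment_along(packet_len, path_mtus))} fragments")
    return (False, "fragments dropped")

if __name__ == "__main__":
    path = [1500, 1492, 1400]  # constructed link MTUs
    for args in [(True, True, False), (True, False, False),
                 (False, False, True), (False, False, False)]:
        print(args, outcome(1500, path, *args))
    print(outcome(1500, path, True, False, True, blackhole_detection=True))
```

The two failing rows are the ones the message warns about: PMTUD with the ICMP error filtered and no blackhole detection, and any reliance on fragmentation where a middlebox drops fragments.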



