PPPOE, MTU, and boom.
scotts at iprimus.ca
Wed Jul 18 07:53:52 UTC 2001
I have found 4 ways to get around the problem:
1) A somewhat effective fix is to have your users use a cache/proxy server.
2) Have your users lock there MTU to 1492 not 1500.
3) Some CPE routers will force 1492 MTU sessions.
4) Try to explain that ICMP is not just pings rate limit it don't drop it.
Cisco's writeup on the problem:
At 7:53 +0100 7/18/01, Simon Lockhart wrote:
> >I have confirmed that when I block all ICMP to/from a website, we cannot
>>browse that site -- which is somewhat obivious. The question is, how, as
>>an internet community as a whole, do we fix this?
>>Seems to me that most people using PPPOE would have a problem here. Or, am
>>My testing has been limited to Win2k, but I've heard similar reports on
>>WinME, 98, etc.
>We've come across this too, and spent quite a while diagnosing. The
>problem exists wherever there's an MTU reduction, and is caused by a
>combination of ICMP filtering (breaks PMTUD), and Microsoft's attempt at
>PMTUD (they just set the DF bit on all packets and expect to get an ICMP
>reply back if the packet is too large).
>Simon Lockhart | Tel: +44 (0)1737 839676
>Internet Engineering Manager | Fax: +44 (0)1737 839516
>BBC Internet Services | Email: Simon.Lockhart at bbc.co.uk
>Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
Scott A Silzer
More information about the NANOG