Broken PMTU (was: Who does source address validation? (was Re:what's that smell?))

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Oct 10 05:11:05 UTC 2002


On Thu, 10 Oct 2002 00:55:24 +0200, Iljitsch van Beijnum said:

> You can also get around this by making the first hop the one with the
> lowest MTU. This is no fun for ethernet-connected stuff, but for dial-up
> this is easy. Then this box will announce a smaller TCP MSS when the
> connection is established and there aren't any problems.

Or equivalently, just nail the MSS size for off-site connections down to
512, and accept that you have to send 3 times as many packets as you probably
should.  As far as I can tell from when pMTU *does* work because all parties
concerned actually use reasonable addresses and don't filter 'icmp frag needed',
you end up with one of 3 results most of the time:

1) You get a clear 1500 end-to-end.
2) You get an MTU of 1460 because of tunneling.
3) You end up ratcheted down to 576 because of some ancient IP stack someplace
(older versions of end-user SLIP/PPP are famous for this)

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
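
Added example, not part of the original message: one way a box in the path could pin the MSS of off-site connections to 512, by rewriting the MSS option in a SYN and patching the TCP checksum incrementally (RFC 1624). The names `clamp_mss` and `build_syn`, the addresses and the sample segment are assumptions constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum, used here to verify the result."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp: bytes, max_mss: int = 512) -> bytes:
    """Lower the MSS option of a SYN to max_mss; other segments pass through."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (tcp[12] >> 4) * 4
    if not tcp[13] & 0x02 or not 20 <= hdr_len <= len(tcp):
        return tcp
    i = 20
    while i < hdr_len and tcp[i] != 0:      # kind 0 = end of option list
        if tcp[i] == 1:                      # kind 1 = NOP, one byte
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            return tcp                       # malformed options: leave untouched
        if tcp[i] == 2 and tcp[i + 1] == 4:  # kind 2 = MSS
            if struct.unpack_from("!H", tcp, i + 2)[0] <= max_mss:
                return tcp
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, max_mss)
            # Incremental checksum fix (RFC 1624) over the aligned words touched.
            s = ~struct.unpack_from("!H", tcp, 16)[0] & 0xFFFF
            for w in range((i + 2) & ~1, i + 4, 2):
                s += ~struct.unpack_from("!H", tcp, w)[0] & 0xFFFF
                s += struct.unpack_from("!H", out, w)[0]
            while s >> 16:
                s = (s & 0xFFFF) + (s >> 16)
            struct.pack_into("!H", out, 16, ~s & 0xFFFF)
            return bytes(out)
        i += tcp[i + 1]
    return tcp

def build_syn(mss: int, pseudo: bytes) -> bytes:
    """Constructed sample: a 24-byte SYN carrying only an MSS option."""
    hdr = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    seg = hdr + struct.pack("!BBH", 2, 4, mss)
    return seg[:16] + struct.pack("!H", inet_checksum(pseudo + seg)) + seg[18:]

# Constructed pseudo-header: 192.0.2.1 -> 198.51.100.7, protocol 6, TCP length 24
PSEUDO = bytes([192, 0, 2, 1, 198, 51, 100, 7, 0, 6, 0, 24])
```

A segment whose checksum verifies before the rewrite still verifies afterwards, so the receiver accepts the clamped SYN without the full segment being re-summed.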
