Broken PMTU (was: Who does source address validation? (was Re:what's that smell?))

Stephen J. Wilcox steve at telecomplete.co.uk
Thu Oct 10 10:56:28 UTC 2002



On Thu, 10 Oct 2002 Valdis.Kletnieks at vt.edu wrote:

> On Thu, 10 Oct 2002 00:55:24 +0200, Iljitsch van Beijnum said:
> 
> > You can also get around this by making the first hop the one with the
> > lowest MTU. This is no fun for ethernet-connected stuff, but for dial-up
> > this is easy. Then this box will announce a smaller TCP MSS when the
> > connection is established and there aren't any problems.
> 
> Or equivalently, just nail the MSS size for off-site connections down to
> 512, and accept that you have to send 3 times as many packets as you probably
> should.  As far as I can tell from when pMTU *does* work because all parties
> concerned actually use reasonable addresses and don't filter 'icmp frag needed',
> you end up with one of 3 results most of the time:
> 
> 1) You get a clear 1500 end-to-end.
> 2) You get an MTU of 1460 because of tunneling.
> 3) You end up ratcheted down to 576 because of some ancient IP stack someplace
> (older versions of end-user SLIP/PPP are famous for this)

Ah, but what if the traffic is coming into you, i.e. originating elsewhere and
coming into you? It seems in that case the originator blocks the necessary ICMPs
and they then fail to send data into you. My example where I saw this recently
was for inbound SMTP traffic.

Steve
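
An added illustration, not part of the original message: a toy Python model of the cases discussed in this thread (filtered 'icmp frag needed', an MSS nailed down to 512, and a low-MTU first hop announcing a smaller MSS). The function names, the 40-byte header overhead (IPv4 plus TCP without options) and the sample paths are assumptions constructed for the example.

```python
# Toy model of path MTU discovery for one full-sized TCP segment sent with DF set.
# All names and sample values are constructed for illustration.

IP_TCP_HEADERS = 40  # assumed: 20-byte IPv4 header + 20-byte TCP header, no options


def announced_mss(first_hop_mtu):
    """MSS a host advertises in its SYN, derived from its own link MTU."""
    return first_hop_mtu - IP_TCP_HEADERS


def send_segment(path_mtus, sender_mss, peer_mss, icmp_reaches_sender, max_tries=5):
    """Try to push one maximum-sized segment across the hops in path_mtus.

    Returns (delivered, final_packet_size, tries).
    """
    # The sender never exceeds the MSS the receiver announced.
    packet = min(sender_mss, peer_mss) + IP_TCP_HEADERS
    for attempt in range(1, max_tries + 1):
        # First hop whose MTU is too small drops the packet (DF is set).
        bottleneck = next((mtu for mtu in path_mtus if mtu < packet), None)
        if bottleneck is None:
            return True, packet, attempt
        if icmp_reaches_sender:
            # 'Frag needed' carries the next-hop MTU; sender shrinks to fit.
            packet = bottleneck
        # Otherwise the sender learns nothing and retransmits the same size.
    return False, packet, max_tries


# Constructed sample paths: a tunnel hop (1460) and an old dial-up hop (576).
TUNNEL_PATH = [1500, 1460, 1500]
DIALUP_PATH = [1500, 1460, 576]

if __name__ == "__main__":
    full = announced_mss(1500)
    print("pMTU working:     ", send_segment(TUNNEL_PATH, full, full, True))
    print("ICMP filtered:    ", send_segment(TUNNEL_PATH, full, full, False))
    print("MSS nailed to 512:", send_segment(TUNNEL_PATH, 512, full, False))
    print("low first-hop MTU:",
          send_segment(DIALUP_PATH, full, announced_mss(576), False))
```
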




More information about the NANOG mailing list