MTU path discovery and IPSec
Barney Wolff
barney at databus.com
Thu Dec 4 23:03:38 UTC 2003
On Thu, Dec 04, 2003 at 05:54:42PM -0500, Valdis.Kletnieks at vt.edu wrote:
> On Thu, 04 Dec 2003 16:40:45 EST, Joe Maimon <jmaimon at ttec.com> said:
> > I was wondering would it not be wiser for fraggers to frag in half
> > instead of just the overflow?
>
> There's 2 cases here:
>
> 1) This is the final frag on the path - if PMTUD is in use, we want to frag
> right at the overflow so the connection can use the max (so if we're fragging
> from 1500 down to 1410, they end up with 1410 rather than 750).
>
> 2) There's an even more restrictive frag further downstream. We frag from 1500
> to 1460, and somebody else frags from 1460 down to 1410. If you frag at overflow,
> you end up with a PMTU of 1410. If you fragged it in half, you avoid the second
> frag but end up with a PMTU of 750.
>
> After several dozen packets, the difference between 750 and 1410 will start to become
> noticable.....
That's not how PMTUD works. If DF is set, you discard the packet and
report back with ICMP. If DF is not set, you frag the packet - but
that's not PMTUD, because no report ever goes back to the sender.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
More information about the NANOG
mailing list