I-D on operational MTU/fragmentation issues in tunneling
sabri at cluecentral.net
Thu Oct 14 15:33:24 UTC 2004
On Mon, Oct 11, 2004 at 11:12:55AM +0300, Pekka Savola wrote:
Hi Pekka and others,
> Please send comments to me by the end of this week, either on- of
> off-list, as you deem appropriate.
With the risk of stating the obvious I would say that normally, PMTUD
should do the trick. Afterall, there is no real difference between the
lower MTU of a tunnel and the lower MTU of any other link. With this in
mind, the real problem can be found on networks and hosts that block
ICMP-host-unreachables (or simply all ICMP traffic for "security"
reasons). Taking this one step further, one might realise that we (as
networking community) are looking for a technical solution to compensate
for the lack of knowledge of the end-user administrators or webmasters.
In my work I have been using tunnels quite a lot, and have delt with a
lot if issues regarding PMTUD problems. For end-users behind a tunnel,
the best solution is usually to turn PMTUD off completely, such as
[root at bofh root]# sysctl -w net.inet.tcp.path_mtu_discovery=0
net.inet.tcp.path_mtu_discovery: 1 -> 0
on a FreeBSD box. I agree that this is far less efficient than it should
be, but that's always the flipside of the tunnel-coin. Another option
would be to simply strip the DF bit on your tunnel entrance point, but
that would be rather undesirable..
Sabri Berisha, SAB666-RIPE - I route, therefore you are
http://www.cluecentral.net - http://www.virt-ix.net
More information about the NANOG