mtu mis-match
Pekka Savola
pekkas at netcore.fi
Thu Mar 20 08:07:45 UTC 2008
On Wed, 19 Mar 2008, ann kok wrote:
> Some DSL clients, some are working fine.
> (browsing...ping ...)
>
> Some DSL clients have this problem
> they can't browse the sites.
> they can ssh the host but couldn't run the command in
> the shell prompt
> ping packet are working fine (no packet lost)
Seems like that when the first packet that exceeds MTU (I guess 1492)
on the path is sent, you get a PMTU blackhole. You will see the same
problem if you ping with big packets.
As to why some clients work and others do not -- a good question. I
have some theories on this point (different behaviour wrt setting DF
bit; no MSS clamping and some DSL clients have MTU=1492 exposed to the
user, others have a middlebox router which shows MTU=1500; some
others).
You may want to check that both ends are receiving ICMP packet too big
messages (i.e. a firewall doesn't filter them out).
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the NANOG
mailing list