MTU to CDN's

Owen DeLong owen at
Fri Jan 19 00:37:17 UTC 2018

> On Jan 18, 2018, at 4:32 PM, William Herrin <bill at> wrote:
> On Thu, Jan 18, 2018 at 7:14 PM, Jared Mauch <jared at> wrote:
>> let's say I can
>> send you a 9K packet.  If you receive that frame, and realize you need
>> to fragment, then it’s your router's job to slice 9000 into 5 x 1500.
> In practice, no, because the packet you sent had the "don't fragment"
> bit set. That means my router is not allowed to fragment the packet.
> Instead, I must send the originating host an ICMP destination
> unreachable packet stating that the largest packet I can send further
> is 1500 bytes.
> You might receive my ICMP message. You might not. After all, I am not
> the host you were looking for.

This gets especially bad in cases such as anycast where the return path may be asymmetrical and could result in delivery of the ICMP PTB message to a different anycast instance or to a stateless load balancer that is incapable of determining which machine originated the packet being referenced.

One of the many reasons I continue to question the wisdom of using anycast for multi-packet transactions.


> Good luck.
> Regards,
> Bill Herrin
> P.S. This makes Linux servers happy:
> iptables -t mangle --insert POSTROUTING --proto tcp \
>        --tcp-flags SYN,RST,FIN SYN --match tcpmss --mss 1241:65535 \
>        --jump TCPMSS --set-mss 1240
> -- 
> William Herrin ................ herrin at  bill at
> Dirtside Systems ......... Web: <>
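
What the iptables rule in the P.S. does to a single TCP segment, modelled in Python as an added example (not part of the original message and not kernel code). The names `build_tcp`, `find_mss` and `clamp_mss` are hypothetical, and the sample segments are constructed with made-up ports and a zero checksum field.

```python
import struct

FIN, SYN, RST = 0x01, 0x02, 0x04   # flag bits in TCP header byte 13

def build_tcp(flags, mss=None):
    """Constructed sample: TCP header (made-up ports/seq, checksum 0) plus optional MSS option."""
    opts = b"" if mss is None else struct.pack("!BBH", 2, 4, mss)
    hdr = struct.pack("!HHIIHHHH", 40000, 443, 1, 0, ((5 + len(opts) // 4) << 12) | flags, 65535, 0, 0)
    return hdr + opts

def fold(x):
    """Fold carries back in (16-bit one's-complement addition)."""
    while x >> 16:
        x = (x & 0xFFFF) + (x >> 16)
    return x

def find_mss(tcp):
    """Return the byte offset of the 16-bit MSS value, or None if absent or malformed."""
    end = min((tcp[12] >> 4) * 4, len(tcp))    # data offset gives the header length
    i = 20
    while i < end:
        kind = tcp[i]
        if kind == 0:                          # end of option list
            return None
        if kind == 1:                          # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            return None                        # truncated option or bogus length
        if kind == 2 and tcp[i + 1] == 4:      # MSS option: kind 2, length 4
            return i + 2
        i += tcp[i + 1]
    return None

def clamp_mss(tcp, lo=1241, hi=65535, new_mss=1240):
    """Apply the rule's match and target to one segment; returns (segment, rewritten)."""
    if len(tcp) < 20 or (tcp[13] & (SYN | RST | FIN)) != SYN:   # --tcp-flags SYN,RST,FIN SYN
        return tcp, False
    pos = find_mss(tcp)
    old = int.from_bytes(tcp[pos:pos + 2], "big") if pos is not None else None
    if old is None or not lo <= old <= hi:                      # --match tcpmss --mss 1241:65535
        return tcp, False
    out = bytearray(tcp)
    struct.pack_into("!H", out, pos, new_mss)                   # --jump TCPMSS --set-mss 1240
    csum = struct.unpack_from("!H", out, 16)[0]
    # RFC 1624 incremental checksum update: HC' = ~(~HC + ~m + m')
    csum = ~fold((~csum & 0xFFFF) + (~old & 0xFFFF) + new_mss) & 0xFFFF
    struct.pack_into("!H", out, 16, csum)
    return bytes(out), True
```

Because ACK is not in the examined flag mask, a SYN-ACK is clamped as well as a SYN, so the lower MSS is advertised in both directions of a connection that traverses the rule.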
