Verizon DSL question (actually TCP & MTU)
Derek Atkins
warlord at MIT.EDU
Wed May 1 10:04:29 EDT 2002
Bill Bogstad <bogstad at pobox.com> writes:
> [lots of people discussing MTUs and TCP efficiency]
>
> Ah, it was my understanding that all modern TCP implementations used
> path MTU discovery. By initially setting the don't fragment bit and
> watching for ICMP error packets they can quickly find the largest
> possible MTU which can be used without IP fragmentation between two
> computers. Is there some reason that fragmentation even matters here?
> The real problem seems to be that PPPoE uses a small MTU resulting in
> poor data/header ratios. I suppose there might be some NAT gateways
> which don't handle this properly...
Yes, PMTU is the right solution, but a great number of STUPID web-site
administrators block incoming ICMPs. What this means is that they
break PMTU. The problem is that when you contact one of these sites
(www.abcnews.com used to do this) and make a request, your outgoing
packets are small but their responses are big. If they send you a
1500-byte packet with the DF bit set (DF == Don't Fragment), when it
gets to your smaller-MTU network it will get stopped, and an ICMP will
be returned. Since this stupid web-site administrator blocks all
incoming ICMP, they never get the ICMP error and you are now in a
blackhole. They never know to send a smaller packet, and you never
see their packets.
There are a few ways around this problem:
1) go fix all those stupid firewalls that break PMTU,
2) make "tunnels" that fragment packets "incorrectly", even
with the DF bit set,
3) set all your MTUs lower on all your hosts, or
4) fix your end of the tunnel (PPPoE) to change any SYN and
reduce the MTU appropriately
>
> Bill Bogstad
> bogstad at pobox.com
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
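
Added example, not part of the original message: option 4 above is commonly done as TCP MSS clamping, where the PPPoE gateway lowers the MSS option in SYN segments passing through it so that neither end sends a segment too large for the link, even when ICMP is filtered. The sketch assumes a PPPoE MTU of 1492 and IPv4 without IP options; `clamp_mss`, `PPPOE_MTU` and `CLAMP_MSS` are names chosen for this illustration.

```python
import struct

PPPOE_MTU = 1492            # assumption: 1500-byte Ethernet minus 8 bytes of PPPoE/PPP
CLAMP_MSS = PPPOE_MTU - 40  # minus 20-byte IPv4 and 20-byte TCP headers = 1452

def _csum_update(csum, old_word, new_word):
    """Incrementally fix an Internet checksum for one changed 16-bit word (RFC 1624)."""
    s = (~csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp, max_mss=CLAMP_MSS):
    """Lower the MSS option of a TCP SYN/SYN-ACK segment (bytes) to max_mss."""
    if len(tcp) < 20:
        return tcp
    data_off = (tcp[12] >> 4) * 4
    if not tcp[13] & 0x02 or not 20 <= data_off <= len(tcp):
        return tcp                      # not a SYN, or bad header length: pass through
    i = 20
    while i + 1 < data_off:
        kind, length = tcp[i], tcp[i + 1]
        if kind == 0:                   # end of option list
            break
        if kind == 1:                   # NOP is a single byte with no length field
            i += 1
            continue
        if length < 2 or i + length > data_off:
            break                       # malformed option: stop, change nothing
        if kind == 2 and length == 4:   # MSS option
            mss = struct.unpack_from("!H", tcp, i + 2)[0]
            if mss <= max_mss:
                return tcp
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, max_mss)
            csum = struct.unpack_from("!H", tcp, 16)[0]
            # Patch every aligned 16-bit word the option value touches (two if
            # NOP padding left the value on an odd offset).
            for w in range((i + 2) & ~1, i + 4, 2):
                old, new = struct.unpack_from("!H", tcp, w)[0], struct.unpack_from("!H", out, w)[0]
                csum = _csum_update(csum, old, new)
            struct.pack_into("!H", out, 16, csum)
            return bytes(out)
        i += length
    return tcp
```

Only the TCP checksum needs fixing because the segment length is unchanged; the IP header is not touched.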