From owner-freebsd-questions Fri May 21 10:34: 4 1999 Delivered-To: freebsd-questions@freebsd.org Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1]) by hub.freebsd.org (Postfix) with ESMTP id 13D9514E67 for ; Fri, 21 May 1999 10:33:01 -0700 (PDT) (envelope-from ru@ucb.crimea.ua) Received: (from ru@localhost) by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id UAA57442; Fri, 21 May 1999 20:27:24 +0300 (EEST) (envelope-from ru) Date: Fri, 21 May 1999 20:27:23 +0300 From: Ruslan Ermilov To: Anand Buddhdev Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Path MTU discovery on FBSD Message-ID: <19990521202723.A48193@relay.ucb.crimea.ua> Mail-Followup-To: Anand Buddhdev , freebsd-questions@FreeBSD.ORG References: <19990521173815.B1722@africaonline.co.ke> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.3i In-Reply-To: <19990521173815.B1722@africaonline.co.ke>; from Anand Buddhdev on Fri, May 21, 1999 at 05:38:15PM +0300 X-Operating-System: FreeBSD 3.2-STABLE i386 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, May 21, 1999 at 05:38:15PM +0300, Anand Buddhdev wrote: > Today one of the firewalls at my upstream provider started to block ICMP. I > noticed that a lot of my email started slowing down. I got a lot of > deferrals (I'm using qmail). I have heard that this can happen when Path > MTU discovery fails becuase of ICMP blocks. > This is true. > Does FreeBSD 3.1-RELEASE do this? > In FreeBSD, MTU discovery is performed on a per route basis and is ``on'' by default. To make your FreeBSD host not to do P-MTU discovery, you should lock MTU along a route. This could be done with ``-lock -mtu'' option of ``route'' command. For example, in /etc/rc.conf, set defaultrouter=" -lock -mtu 1500" > How could I actually diagnose that this is indeed happening. I know > about tcpdump, but I'm not very familiar with the details of TCP/IP. > When P-MTU discovery takes place, packets come with DF bit set. If the packet (with DF bit set) can't be further forwarded by some interim router, this router sends back an ICMP message type 3 code 4 (destination unreachable: fragmentation needed but don't-fragment bit set). When your host receives such a message, it corrects its routing table by lowering down MTU. If your ISP blocks incoming ICMP, you'll never receive such messages, thus your host will re-transmit packet until timeout. > any pointers will be appreciated. > 1. RFC-1191 - Path MTU discovery 2. http://www.worldgate.com/~marcs/mtu/ - Path MTU Discovery and Filtering ICMP Cheers, -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message