From owner-freebsd-questions Sat Dec 16 10:33:42 2000
From owner-freebsd-questions@FreeBSD.ORG Sat Dec 16 10:33:39 2000
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from ptavv.es.net (ptavv.es.net [198.128.4.29]) by hub.freebsd.org (Postfix) with ESMTP id 1023937B400 for ; Sat, 16 Dec 2000 10:33:39 -0800 (PST)
Received: from ptavv.es.net (localhost [127.0.0.1]) by ptavv.es.net (8.10.1/8.10.1) with ESMTP id eBGIXXJ22883; Sat, 16 Dec 2000 10:33:33 -0800 (PST)
Message-Id: <200012161833.eBGIXXJ22883@ptavv.es.net>
To: David Kelly
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: use of 1500 octet pings?
In-reply-to: Your message of "Fri, 15 Dec 2000 22:04:57 CST." <200012160404.eBG44v454729@grumpy.dyndns.org>
Date: Sat, 16 Dec 2000 10:33:33 -0800
From: "Kevin Oberman"
Sender: oberman@ptavv.es.net
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> From: David Kelly
> Date: Fri, 15 Dec 2000 22:04:57 -0600
> Sender: dkelly@grumpy.dyndns.org
> Sender: owner-freebsd-questions@FreeBSD.ORG
>
> "Kevin Oberman" writes:
> > > Date: Wed, 13 Dec 2000 17:07:41 -0600
> > > From: David Kelly
> > > Sender: owner-freebsd-questions@FreeBSD.ORG
> > >
> > > Watching reject messages on firewalls lately I've seen ICMP ECHO
> > > requests from web sites somebody is visiting, trying to echo
> > > packets of 1500 octets off us. What the heck are they trying to do? I can't
> > > guess an honest excuse for websites to ping visitors. And with such
> > > large packets.
> >
> > PMTU discovery? They may well be sending larger pings, but they don't
> > get to you. 1500 octets is probably the largest packet that can make
> > it to you without fragmentation.
>
> I don't know what they are doing but watch what happens when you try
> http://www.nga.gov/. Forcing MTU discovery with large pings on first
> access to a web site doesn't seem right. HP has sites which do the same
> thing.

I don't know why it does not seem right. It certainly is right. Try reading RFC1191, "Path MTU Discovery". IF you do PMTU discovery, and it is a good idea, you do it before establishing the first TCP connection. So the "large ping" should be the immediate result of a connection.

The selection of the largest possible MTU will greatly enhance performance in most cases and the only way to determine that value is PMTU discovery.

The only reason PMTU discovery is not universal is that so many people block ICMP packets which MAY break PMTU. The result is that many sites don't think it's worth doing.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net
Phone: +1 510 486-8634
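
An added example, not part of the original message: a small Python simulation of the RFC 1191 mechanism referred to above (DF-marked datagrams answered by ICMP "fragmentation needed" errors), showing how a firewall that drops all ICMP leaves the sender in a black hole. The `Hop` class, the function names and the hop MTUs are constructed for illustration.

```python
from dataclasses import dataclass

# MTU plateau table from RFC 1191 (table 7-1), used when a router
# reports a Next-Hop MTU of 0 in its ICMP error.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]

@dataclass
class Hop:
    mtu: int                  # MTU of the link this router forwards onto
    reports_mtu: bool = True  # False models an old router (Next-Hop MTU = 0)

def send_df(path, size, firewall_drops_icmp):
    """Send one datagram with DF set along the path.

    Returns ("delivered", None), ("frag_needed", next_hop_mtu) or
    ("timeout", None) when the ICMP error is filtered before the sender.
    """
    for hop in path:
        if size > hop.mtu:
            # Router cannot fragment (DF set): it sends ICMP type 3 code 4.
            if firewall_drops_icmp:
                return ("timeout", None)
            return ("frag_needed", hop.mtu if hop.reports_mtu else 0)
    return ("delivered", None)

def discover_pmtu(path, first_hop_mtu, firewall_drops_icmp=False, max_probes=16):
    """Return (pmtu, probes_sent); pmtu is None if discovery black-holes."""
    size = first_hop_mtu
    for probes in range(1, max_probes + 1):
        status, next_mtu = send_df(path, size, firewall_drops_icmp)
        if status == "delivered":
            return size, probes
        if status == "timeout":
            # No feedback: the sender keeps retransmitting at the same size.
            return None, probes
        # Use the reported MTU, or fall back to the next lower plateau.
        size = next_mtu or next((p for p in PLATEAUS if p < size), 68)
    return None, max_probes

if __name__ == "__main__":
    # Constructed paths: a 1492-octet link, and an old router in front of 1006.
    modern = [Hop(1500), Hop(1492), Hop(1500)]
    legacy = [Hop(1500), Hop(1006, reports_mtu=False)]
    print("ICMP allowed:      ", discover_pmtu(modern, 1500))
    print("old router:        ", discover_pmtu(legacy, 1500))
    print("ICMP dropped at FW:", discover_pmtu(modern, 1500, firewall_drops_icmp=True))
```

For a firewall policy, the relevant message is ICMP Destination Unreachable, code 4 ("fragmentation needed and DF set"); it can be permitted inbound independently of echo requests.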