From owner-freebsd-net@FreeBSD.ORG Wed Jan 28 18:43:43 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 296851065713 for ; Wed, 28 Jan 2009 18:43:43 +0000 (UTC) (envelope-from ddesimone@verio.net) Received: from relay2-bcrtfl2.verio.net (relay2-bcrtfl2.verio.net [131.103.218.177]) by mx1.freebsd.org (Postfix) with ESMTP id C6FC38FC26 for ; Wed, 28 Jan 2009 18:43:42 +0000 (UTC) (envelope-from ddesimone@verio.net) Received: from iad-wprd-xchw02.corp.verio.net (iad-wprd-xchw02.corp.verio.net [198.87.7.165]) by relay2-bcrtfl2.verio.net (Postfix) with ESMTP id 303091FF007E; Wed, 28 Jan 2009 13:43:42 -0500 (EST) thread-index: AcmBeFci1Va9I9TZQ+Gkk9jaUJQKHA== Received: from dllstx1-8sst9f1.corp.verio.net ([198.87.6.169]) by iad-wprd-xchw02.corp.verio.net over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Wed, 28 Jan 2009 13:43:40 -0500 Received: by dllstx1-8sst9f1.corp.verio.net (sSMTP sendmail emulation); Wed, 28 Jan 2009 12:43:39 +0000 Date: Wed, 28 Jan 2009 12:43:39 -0600 Content-Transfer-Encoding: 7bit From: "David DeSimone" To: "Len Gross" Content-Class: urn:content-classes:message Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3168 Message-ID: <20090128184339.GD2436@verio.net> Mail-Followup-To: Len Gross ,freebsd-net@freebsd.org References: <27cb3ada0901251009x7a96019am672f8bd42380df90@mail.gmail.com> <20090127064419.GC1284@verio.net> <27cb3ada0901271801u6d1db9cfhfb953073355db2d2@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <27cb3ada0901271801u6d1db9cfhfb953073355db2d2@mail.gmail.com> Precedence: bulk User-Agent: Mutt/1.5.18 (2008-05-17) X-OriginalArrivalTime: 28 Jan 2009 18:43:40.0374 (UTC) FILETIME=[567B2760:01C98178] Cc: freebsd-net@freebsd.org Subject: Re: MTU or Fragmentation Problems on 7.0? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2009 18:43:43 -0000 Len Gross wrote: > > I guess it is "good news" that this is a result of "common TCP > methodology." ;-> It can be good or bad. Just because it's common doesn't mean it always works. :) > BTW: The only firewall I've found in this setup is a Linksys WiFi > Router that that connects to a cable modem. Similar setup at a second > location with a WiFI router to DSL. Reduced MTU sizes are quite common with DSL setups, and so people using DSL are most likely to run into these issues. I should point out that most of the consumer DSL routers such as the Linksys you mentioned will perform a hack known as "MSS mangling". They will watch for TCP SYN packets being sent, and if the MSS is larger than would be supported by the Path MTU, they will change the MSS value to an acceptable value before forwarding it along. Since this causes the other endpoint to negotiate a smaller initial MSS, the connection "just works" in nearly all cases. This is probably the main reason why there has not been a huge outcry concerning rampant ICMP filtering breaking Path MTU Discovery. In fact, you may even want to investigate how you can start doing some MSS Mangling in your own setup. > One left over item to ponder. Why does Google work? Do they have a > packet size smaller than 1450 by "default"? More likely they use firewalls that forward ICMP traffic correctly, as that would be required. You should snoop on your BSD1 box to see if they are sending larger frames and whether your BSD1 box is sending ICMP responses back to them. -- David DeSimone == Network Admin == fox@verio.net "I don't like spinach, and I'm glad I don't, because if I liked it I'd eat it, and I just hate it." -- Clarence Darrow This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free. Thank you.