From owner-freebsd-questions Sat Dec 18 14:20:15 1999 Delivered-To: freebsd-questions@freebsd.org Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id 1EA2914F37; Sat, 18 Dec 1999 14:20:11 -0800 (PST) (envelope-from jflowers@ezo.net) Received: from lily.ezo.net (jflowers@localhost.ezo.net [127.0.0.1]) by lily.ezo.net (8.8.7/8.8.7) with SMTP id RAA16950; Sat, 18 Dec 1999 17:19:29 -0500 (EST) Date: Sat, 18 Dec 1999 17:19:28 -0500 (EST) From: Jim Flowers To: freebsd-questions@freebsd.org Cc: freebsd-hackers@freebsd.org Subject: Natd with Pmtu Discovery Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Natd does not handle pmtu discovery well when the mtu for the interface it is using is changed, either manually or under program control, after natd is started. The following provides details of why, and a work-around. Problem ------- Gateway router with natd has erratic or poor TCP performance when the outbound (nat) interface is modified after startup or during startup subsequent to launcing natd from rc.network such as from scripts in /usr/local/etc/rc.d or /etc/rc.local. Analysis -------- 1. Natd learns the mtu value of its interface on startup from rc.network following ifconfig or DHCP initialization. 2. Skip startup from a startup script in /usr/local/etc/rc.d/skip.sh modifies the mtu value in the kernel interface structure. 3. On receiving a packet to transmit outbound, natd generates an icmp type 3 need-to-fragment packet back to the sending host using the value learned in paragraph 1. 4. The sending host retransmits using this size. The packet is still too large for the outbound interface to transmit. 5. If the sending host happens to be a WinNT with pmtu discovery enabled, paragraphs 3 and 4 are repeated until black hole discovery takes over, if enabled, or forever, if not enabled. The -dynamic flag does not cause natd to learn the new value when the interface mtu is modified. While this problem was discovered in gateways that use both skip and natd on the same interface, it has been confirmed that the problem exists any time the natd interface mtu is modified, either manually or during startup after the natd daemon has been started. Workaround ---------- This behavior can be avoided for the current autostart requirement by delaying the startup of natd until after the interface mtu is set by skip from skip.sh (such as placing the equivalent shell script line in /etc/rc.local). The program name, option flags and interface name will have to be given explicitly as these values from rc.conf are not available in rc.local. Correction ---------- The natd program should learn the modified value of the interface mtu before transmitting need-to-fragment messages. As this method of avoiding fragmentation is becoming more common (and is mandatory in IPV6) this would be a worthwhile modification. Wierd Note ---------- The problem does not appear to occur in 3 gateways that are bit-identical except that they are running unstripped binaries (identical, if stripped) of natd. Jim Flowers #4 ISP on C|NET, #1 in Ohio To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message