Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 31 Aug 1998 10:42:37 -0700 (PDT)
From:      Jim Shankland <jas@flyingfox.com>
To:        hackers@FreeBSD.ORG, ru@ucb.crimea.ua
Subject:   Re: PMTU discovery, Firewalls and Sendmail
Message-ID:  <199808311742.KAA19361@biggusdiskus.flyingfox.com>
In-Reply-To: <19980831162228.A20318@ucb.crimea.ua>

next in thread | previous in thread | raw e-mail | index | archive | help
[PMTU discovery fails due to dropped/filtered ICMP messages, causing
SMTP timeouts in DATA phase.]

Yes, PMTU discovery doesn't work all that well in practice:  too
often, the ICMP "fragmentation required" packet evaporates.  I'll
bet the most common cause is miconfigured firewalls; however, in
one case I investigated, the ICMP packet seemed to be disappearing
in an ISP's backbone transit, where one wouldn't expect to see
filtering.  (Never did figure out how the ICMP packet came to grief
in that case.)

Most of the time, PMTU discovery doesn't get a chance to fail because
much of the Internet can handle 1500 bytes packets, which is the
starting MTU when the originating host is on Ethernet.  But try setting
up a system on a PPP link with an MRU of, say, 2048, and browse the
Web for a few days.  A surprising number of Web sites will disappear
until you lower your MRU to 1500.

One possible way to address this would be for the TCP retransmit code
to drop the MSS back if PMTU discovery is being done, and the MSS
has not yet been reduced.

Jim Shankland
Flying Fox Computer Systems, Inc.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808311742.KAA19361>