Date: Mon, 31 Aug 1998 10:42:37 -0700 (PDT) From: Jim Shankland <jas@flyingfox.com> To: hackers@FreeBSD.ORG, ru@ucb.crimea.ua Subject: Re: PMTU discovery, Firewalls and Sendmail Message-ID: <199808311742.KAA19361@biggusdiskus.flyingfox.com> In-Reply-To: <19980831162228.A20318@ucb.crimea.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
[PMTU discovery fails due to dropped/filtered ICMP messages, causing SMTP timeouts in DATA phase.] Yes, PMTU discovery doesn't work all that well in practice: too often, the ICMP "fragmentation required" packet evaporates. I'll bet the most common cause is miconfigured firewalls; however, in one case I investigated, the ICMP packet seemed to be disappearing in an ISP's backbone transit, where one wouldn't expect to see filtering. (Never did figure out how the ICMP packet came to grief in that case.) Most of the time, PMTU discovery doesn't get a chance to fail because much of the Internet can handle 1500 bytes packets, which is the starting MTU when the originating host is on Ethernet. But try setting up a system on a PPP link with an MRU of, say, 2048, and browse the Web for a few days. A surprising number of Web sites will disappear until you lower your MRU to 1500. One possible way to address this would be for the TCP retransmit code to drop the MSS back if PMTU discovery is being done, and the MSS has not yet been reduced. Jim Shankland Flying Fox Computer Systems, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808311742.KAA19361>