MTU or Fragmentation Problems on 7.0?
    David DeSimone 
    fox at verio.net
       
    Wed Jan 28 10:43:43 PST 2009
    
    
  
Len Gross <sandiegobiker at gmail.com> wrote:
>
> I guess it is "good news" that this is a result of "common TCP
> methodology." ;->
It can be good or bad.  Just because it's common doesn't mean it always
works.  :)
> BTW: The only firewall I've found in this setup is a Linksys WiFi
> Router that that connects to a cable modem.  Similar setup at a second
> location with a WiFI router to DSL.
Reduced MTU sizes are quite common with DSL setups, and so people using
DSL are most likely to run into these issues.
I should point out that most of the consumer DSL routers such as the
Linksys you mentioned will perform a hack known as "MSS mangling".  They
will watch for TCP SYN packets being sent, and if the MSS is larger than
would be supported by the Path MTU, they will change the MSS value to
an acceptable value before forwarding it along.  Since this causes the
other endpoint to negotiate a smaller initial MSS, the connection "just
works" in nearly all cases.
This is probably the main reason why there has not been a huge outcry
concerning rampant ICMP filtering breaking Path MTU Discovery.  In fact,
you may even want to investigate how you can start doing some MSS
Mangling in your own setup.
> One left over item to ponder.  Why does Google work?  Do they have a
> packet size smaller than 1450 by "default"?
More likely they use firewalls that forward ICMP traffic correctly, as
that would be required.  You should snoop on your BSD1 box to see if
they are sending larger frames and whether your BSD1 box is sending ICMP
responses back to them.
-- 
David DeSimone == Network Admin == fox at verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow
This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free.  Thank you.
    
    
More information about the freebsd-net
mailing list