| 1 |
>> >> OK, does PMTUD lower the outgoing packet size on my system due to the |
| 2 |
>> >> hotel router's lower MTU or does the hotel router itself fragment my |
| 3 |
>> >> 1500 byte packets in order to send them out? Just curious. |
| 4 |
>> > |
| 5 |
>> > If you are sending out packets with the DF bit set no fragmentation will |
| 6 |
>> > take place - the packet is dropped and an appropriate message is |
| 7 |
>> > returned to sender. Otherwise the router will fragment them and send |
| 8 |
>> > them on to the recipient address. |
| 9 |
>> |
| 10 |
>> Shouldn't PMTUD change my MTU based on the hotel router's lower MTU? |
| 11 |
> |
| 12 |
> Yes, it should. At the start of the connection the sender sends DF in the |
| 13 |
> header to find out what is the MRU that the network nodes will support. Then |
| 14 |
> sends packets of the appropriate size so that they get through with no |
| 15 |
> fragmentation. This is the optimal scenario. |
| 16 |
> |
| 17 |
> Now, imagine another scenario where some router/firewall/server does not send |
| 18 |
> back the correct ICMP packet with its required MRU, or even worse it sends |
| 19 |
> back a 1500 (full ethernet) size with DF set, or also drops fragments ... This |
| 20 |
> reminds me of MSN IM which was a particularly bad implementation back when. |
| 21 |
> |
| 22 |
> The sender may eventually try a smaller packet, after initially increasing the |
| 23 |
> time it waits for a response, and you could well get something through 30 |
| 24 |
> seconds later, or even give up and time out. |
| 25 |
|
| 26 |
Here's my layout: |
| 27 |
|
| 28 |
laptop+shorewall (MTU:1500) -> hotel router (MTU:?) -> internet -> |
| 29 |
Westell modem/router (MTU:1492) -> desktop+shorewall (MTU:1500) |
| 30 |
|
| 31 |
Shouldn't PMTUD change the desktop's MTU to 1492? Is the fact that it |
| 32 |
doesn't due to a flaw in the Westell's operation? Should I manually |
| 33 |
change the desktop's MTU to 1492 along with that of other systems on |
| 34 |
its LAN? |
| 35 |
|
| 36 |
> If you are using Shorewall at your remote server I would expect it to behave |
| 37 |
> properly and return the correct ICMP packet when it receives a DF. However, I |
| 38 |
> am not familiar with the Shorewall properties and settings, so if you suspect |
| 39 |
> this as the cause of your problem it would be better if you look into it |
| 40 |
> properly. |
| 41 |
|
| 42 |
So I'm sure I understand, this doesn't apply if ICMP is dropped at the Westell? |
| 43 |
|
| 44 |
- Grant |
Archives