1 |
>> >> OK, does PMTUD lower the outgoing packet size on my system due to the |
2 |
>> >> hotel router's lower MTU or does the hotel router itself fragment my |
3 |
>> >> 1500 byte packets in order to send them out? Just curious. |
4 |
>> > |
5 |
>> > If you are sending out packets with the DF bit set no fragmentation will |
6 |
>> > take place - the packet is dropped and an appropriate message is |
7 |
>> > returned to sender. Otherwise the router will fragment them and send |
8 |
>> > them on to the recipient address. |
9 |
>> |
10 |
>> Shouldn't PMTUD change my MTU based on the hotel router's lower MTU? |
11 |
> |
12 |
> Yes, it should. At the start of the connection the sender sends DF in the |
13 |
> header to find out what is the MRU that the network nodes will support. Then |
14 |
> sends packets of the appropriate size so that they get through with no |
15 |
> fragmentation. This is the optimal scenario. |
16 |
> |
17 |
> Now, imagine another scenario where some router/firewall/server does not send |
18 |
> back the correct ICMP packet with its required MRU, or even worse it sends |
19 |
> back a 1500 (full ethernet) size with DF set, or also drops fragments ... This |
20 |
> reminds me of MSN IM which was a particularly bad implementation back when. |
21 |
> |
22 |
> The sender may eventually try a smaller packet, after initially increasing the |
23 |
> time it waits for a response, and you could well get something through 30 |
24 |
> seconds later, or even give up and time out. |
25 |
|
26 |
Here's my layout: |
27 |
|
28 |
laptop+shorewall (MTU:1500) -> hotel router (MTU:?) -> internet -> |
29 |
Westell modem/router (MTU:1492) -> desktop+shorewall (MTU:1500) |
30 |
|
31 |
Shouldn't PMTUD change the desktop's MTU to 1492? Is the fact that it |
32 |
doesn't due to a flaw in the Westell's operation? Should I manually |
33 |
change the desktop's MTU to 1492 along with that of other systems on |
34 |
its LAN? |
35 |
|
36 |
> If you are using Shorewall at your remote server I would expect it to behave |
37 |
> properly and return the correct ICMP packet when it receives a DF. However, I |
38 |
> am not familiar with the Shorewall properties and settings, so if you suspect |
39 |
> this as the cause of your problem it would be better if you look into it |
40 |
> properly. |
41 |
|
42 |
So I'm sure I understand, this doesn't apply if ICMP is dropped at the Westell? |
43 |
|
44 |
- Grant |