| 1 |
On Sunday 01 Sep 2013 18:54:45 Grant wrote: |
| 2 |
> >> OK, does PMTUD lower the outgoing packet size on my system due to the |
| 3 |
> >> hotel router's lower MTU or does the hotel router itself fragment my |
| 4 |
> >> 1500 byte packets in order to send them out? Just curious. |
| 5 |
> > |
| 6 |
> > If you are sending out packets with the DF bit set no fragmentation will |
| 7 |
> > take place - the packet is dropped and an appropriate message is |
| 8 |
> > returned to sender. Otherwise the router will fragment them and send |
| 9 |
> > them on to the recipient address. |
| 10 |
> |
| 11 |
> Shouldn't PMTUD change my MTU based on the hotel router's lower MTU? |
| 12 |
|
| 13 |
Yes, it should. At the start of the connection the sender sends DF in the |
| 14 |
header to find out what is the MRU that the network nodes will support. Then |
| 15 |
sends packets of the appropriate size so that they get through with no |
| 16 |
fragmentation. This is the optimal scenario. |
| 17 |
|
| 18 |
Now, imagine another scenario where some router/firewall/server does not send |
| 19 |
back the correct ICMP packet with its required MRU, or even worse it sends |
| 20 |
back a 1500 (full ethernet) size with DF set, or also drops fragments ... This |
| 21 |
reminds me of MSN IM which was a particularly bad implementation back when. |
| 22 |
|
| 23 |
The sender may eventually try a smaller packet, after initially increasing the |
| 24 |
time it waits for a response, and you could well get something through 30 |
| 25 |
seconds later, or even give up and time out. |
| 26 |
|
| 27 |
If you are using Shorewall at your remote server I would expect it to behave |
| 28 |
properly and return the correct ICMP packet when it receives a DF. However, I |
| 29 |
am not familiar with the Shorewall properties and settings, so if you suspect |
| 30 |
this as the cause of your problem it would be better if you look into it |
| 31 |
properly. |
| 32 |
|
| 33 |
-- |
| 34 |
Regards, |
| 35 |
Mick |
Archives