1 |
On Sunday 01 Sep 2013 18:54:45 Grant wrote: |
2 |
> >> OK, does PMTUD lower the outgoing packet size on my system due to the |
3 |
> >> hotel router's lower MTU or does the hotel router itself fragment my |
4 |
> >> 1500 byte packets in order to send them out? Just curious. |
5 |
> > |
6 |
> > If you are sending out packets with the DF bit set no fragmentation will |
7 |
> > take place - the packet is dropped and an appropriate message is |
8 |
> > returned to sender. Otherwise the router will fragment them and send |
9 |
> > them on to the recipient address. |
10 |
> |
11 |
> Shouldn't PMTUD change my MTU based on the hotel router's lower MTU? |
12 |
|
13 |
Yes, it should. At the start of the connection the sender sends DF in the |
14 |
header to find out what is the MRU that the network nodes will support. Then |
15 |
sends packets of the appropriate size so that they get through with no |
16 |
fragmentation. This is the optimal scenario. |
17 |
|
18 |
Now, imagine another scenario where some router/firewall/server does not send |
19 |
back the correct ICMP packet with its required MRU, or even worse it sends |
20 |
back a 1500 (full ethernet) size with DF set, or also drops fragments ... This |
21 |
reminds me of MSN IM which was a particularly bad implementation back when. |
22 |
|
23 |
The sender may eventually try a smaller packet, after initially increasing the |
24 |
time it waits for a response, and you could well get something through 30 |
25 |
seconds later, or even give up and time out. |
26 |
|
27 |
If you are using Shorewall at your remote server I would expect it to behave |
28 |
properly and return the correct ICMP packet when it receives a DF. However, I |
29 |
am not familiar with the Shorewall properties and settings, so if you suspect |
30 |
this as the cause of your problem it would be better if you look into it |
31 |
properly. |
32 |
|
33 |
-- |
34 |
Regards, |
35 |
Mick |