North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: barak-online.net icmp performance vs. traceroute/tcptraceroute, ssh, ipsec

  • From: Peter Dambier
  • Date: Mon May 07 15:48:34 2007


Joe Maimon wrote:



Jo Rhett wrote:


On May 6, 2007, at 6:07 PM, Joe Maimon wrote:

Of course, and thats why I have cut down ip mtu and tcp adjust mss and all the rest.
Not making much of a difference.



Um.. sorry if you mean more than you said, but where did you cut down the TCP MTU? If you did it on your routers, then you are creating or at least complementing the problem.


On the CPE dialer interface.

On the ezvpn dvti virtual-template


The only way to make smaller MTUs work is to alter the MTU on both the origin and destination systems. Altering the MTU anywhere along the path only breaks things.



Lower than 1500 mtu always requires some kind of hack in real life.


That would be the adjust-mss which is the hack-of-choice


I remember from my early DSL days, it was recommended to configure mtu=1480 on all interfaces connected to the internet or to the NAT-router.

I remember at least the Grandstream ATA and DSL-NAT-router was brainded
(lobotomized ICMP) enough simply to break connections when packets
exceeded the 1480 bytes.

Practically all german internet users are on dsl lines. Some smaller hosts
with ftp or http servers are on dsl or tunnels, maybe with even smaller mtu.

So mtu < 1500 is practically the norm.

Kind regards
Peter and Karin Dambier

--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [email protected]
mail: [email protected]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/