Re: mtu mis-match

North American Network Operators Group

Re: mtu mis-match

From: Pekka Savola
Date: Thu Mar 20 04:10:23 2008

On Wed, 19 Mar 2008, ann kok wrote:

Some DSL clients, some are working fine.
(browsing...ping ...)

Some DSL clients have this problem
they can't browse the sites.
they can ssh the host but couldn't run the command in
the shell prompt
ping packet are working fine (no packet lost)

Seems like that when the first packet that exceeds MTU (I guess 1492) on the path is sent, you get a PMTU blackhole. You will see the same problem if you ping with big packets.

As to why some clients work and others do not -- a good question. I have some theories on this point (different behaviour wrt setting DF bit; no MSS clamping and some DSL clients have MTU=1492 exposed to the user, others have a middlebox router which shows MTU=1500; some others).

You may want to check that both ends are receiving ICMP packet too big messages (i.e. a firewall doesn't filter them out).

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- mtu mis-match ann kok

Prev by Date: Re: do you know how to dump packet to see vlan info
Next by Date: Re: mtu mis-match
Date Index
Thread Index
Author Index
Historical