North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mtu mis-match

  • From: Pekka Savola
  • Date: Thu Mar 20 04:10:23 2008

On Wed, 19 Mar 2008, ann kok wrote:
Some DSL clients, some are working fine.
( ...)

Some DSL clients have this problem
they can't browse the sites.
they can ssh the host but couldn't run the command in
the shell prompt
ping packet are working fine (no packet lost)

Seems like that when the first packet that exceeds MTU (I guess 1492) on the path is sent, you get a PMTU blackhole. You will see the same problem if you ping with big packets.

As to why some clients work and others do not -- a good question. I have some theories on this point (different behaviour wrt setting DF bit; no MSS clamping and some DSL clients have MTU=1492 exposed to the user, others have a middlebox router which shows MTU=1500; some others).

You may want to check that both ends are receiving ICMP packet too big messages (i.e. a firewall doesn't filter them out).

Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings