North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mtu mis-match

  • From: Rich Kulawiec
  • Date: Thu Mar 20 06:40:23 2008

On Wed, Mar 19, 2008 at 12:05:19PM -0700, ann kok wrote:
> Some DSL clients, some are working fine.
> (browsing...ping ...)
> 
> Some DSL clients have this problem
> they can't browse the sites.
> they can ssh the host but couldn't run the command in
> the shell prompt
> ping packet are working fine (no packet lost)
> 
> Why?
> but I still don't know why mtu can cause this problem

Path MTU discovery failures are one of the possible causes for 
what you're seeing.  (For example, you can establish an ssh
connection to a host, because none of the packets exceed the
path MTU.  But as soon as you run a command that generates a
substantial amount of output, the connection will appear to hang
because the remote host is repeatedly retrying to send the same
data because it doesn't see an ack while the local host is
never seeing the data because it exceeds the MTU).

This is often caused by overly-aggressive filtering of ICMP.
I recommend taking a look at

	http://www.znep.com/~marcs/mtu/

as well as

	http://www.cymru.com/Documents/icmp-messages.html

and then checking the configurations of network devices to
make sure that ICMP type 3 code 4 traffic isn't being blocked.

---Rsk