Please note that about 5% of the machines out there do not understand an MTU different than 1500, because some firewalls blocks all ICMP packets instead of sending back the ICMP packet with the recommended MTU. I explain further. You have a client machine A, a router A with MTU 576, another router B, a firewall B and a web server B with MTU 1500 and MTU discovery. You request a page to server B, server B send the packet with more than 576 bytes and the don't fragment flag. Router A drop the packet and send back an ICMP packet back to server B with the MTU required to pass router A. Firewall B drops the ICMP packet. Server B does not learn that his packet nver reached. The case is true if router A drop the packet and don't send an ICMP. We have a black hole router. Do not filter all ICMP packets! In NT you can enable BlackHole router discovery (cf below) Cheers. On 09 Jul 2001 08:49:37 -0700, David LeBlanc wrote: > ============================================================ > EnablePMTUDiscovery REG_DWORD 0 | 1 > > Default: 1 > > Determines whether TCP uses a fixed, default maximum transmission unit (MTU) > or attempts to detect the actual MTU. > > Value Meaning > 0 TCP uses an MTU of 576 bytes for all connections to computers outside the > local subnet. > 1 TCP attempts to discover the MTU of the path to a remote host. > By discovering the Path MTU and limiting TCP segments to this size, TCP can > eliminate fragmentation at routers along the path that connects networks > with different MTUs. Fragmentation reduces TCP throughput and increases > network congestion.
This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 07:43:19 PDT