nanog mailing list archives
Re: PMTU-D: remember, your load balancer is broken
From: woods () weird com (Greg A. Woods)
Date: Fri, 16 Jun 2000 10:10:27 -0400 (EDT)
[ On Friday, June 16, 2000 at 05:38:25 (-0400), Richard A. Steenbergen wrote: ]
Subject: Re: PMTU-D: remember, your load balancer is broken If you are a provider running the tunnel (not on an end host where MSS can be set), you would do well to keep the available MTU post-tunnel >= 1500 to keep everyone happy, if at all possible.
Sometimes it's just not that simple. You really do have to make room for the encapsulation header. If the maximum MTU of the tunnel transport is only 1500 bytes then the only way to have an MTU of 1500 bytes on the tunnel as well is to employ forced fragmentation (and perhaps windowing and maybe even retransmission since this level of fragmentation cannot stand for loss or out-of-order reassembly) in the tunneling protocol. Unfortunately there are all kinds of ugly things that can happen when you run TCP inside another windowing protocol. (For further info on that latter issue see "Why TCP Over TCP Is A Bad Idea" at <URL:http://sites.inka.de/sites/bigred/devel/tcp-tcp.html>.)
Just a quick 5:30AM thought, but it seems like a better solution would be to have the hosts signal that fragmentation was encountered on the ACK, so if ICMP discovery is not possible the packets are not lost with no idea why (it can go right next to the ECN bit :P).
Back when I was running with only PPP and a 1024-byte MTU I racked my brain to try and think of something better than PMTU-D. I did come up with a proposal that would allow a PPP router to do a legal end-run around a broken PMTU-D link. I haven't tried to implement it yet. The thing that really makes PMTU-D an ugly hack is that it in effect overloads the meaning of the DF flag. If there were only some room in the IP header for a new flag like "don't fragment unless you really have to...." I am somewhat worried about the vulnerabilities of PMTU-D too now that I've thought about the possibilities. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods () acm org> <robohack!woods> Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>
Current thread:
- Re: PMTU-D: remember, your load balancer is broken, (continued)
- Re: PMTU-D: remember, your load balancer is broken Valdis . Kletnieks (Jun 15)
- OT: PMTU-D and Chickens Rural CNE (Jun 15)
- RE: PMTU-D: remember, your load balancer is broken Roeland Meyer (E-mail) (Jun 15)
- RE: PMTU-D: remember, your load balancer is broken jhsu (Jun 14)
- RE: PMTU-D: remember, your load balancer is broken Deepak Jain (Jun 14)
- RE: PMTU-D: remember, your load balancer is broken John Fraizer (Jun 14)
- RE: PMTU-D: remember, your load balancer is broken Deepak Jain (Jun 14)
- RE: PMTU-D: remember, your load balancer is broken jhsu (Jun 14)
- RE: PMTU-D: remember, your load balancer is broken Deepak Jain (Jun 14)
- RE: PMTU-D: remember, your load balancer is broken rdobbins (Jun 14)
- Re: PMTU-D: remember, your load balancer is broken Richard A. Steenbergen (Jun 16)
- Re: PMTU-D: remember, your load balancer is broken Greg A. Woods (Jun 16)