nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PPPOE, MTU, and boom.

From: Scott Silzer <scotts () iprimus ca>
Date: Wed, 18 Jul 2001 03:53:52 -0400

I have found 4 ways to get around the problem:

1) A somewhat effective fix is to have your users use a cache/proxy server.
2) Have your users lock there MTU to 1492 not 1500.
3) Some CPE routers will force 1492 MTU sessions.
4) Try to explain that ICMP is not just pings rate limit it don't drop it.

Cisco's writeup on the problem:

http://www.cisco.com/warp/public/794/router_mtu.html


At 7:53 +0100 7/18/01, Simon Lockhart wrote:

 >I have confirmed that when I block all ICMP to/from a website, we cannot

browse that site -- which is somewhat obivious. The question is, how, as
an internet community as a whole, do we fix this?

Seems to me that most people using PPPOE would have a problem here. Or, am
I alone?

My testing has been limited to Win2k, but I've heard similar reports on
WinME, 98, etc.


We've come across this too, and spent quite a while diagnosing. The
problem exists wherever there's an MTU reduction, and is caused by a
combination of ICMP filtering (breaks PMTUD), and Microsoft's attempt at
PMTUD (they just set the DF bit on all packets and expect to get an ICMP
reply back if the packet is too large).

Simon
--
Simon Lockhart                       |   Tel: +44 (0)1737 839676
Internet Engineering Manager         |   Fax: +44 (0)1737 839516
BBC Internet Services                | Email: Simon.Lockhart () bbc co uk
Kingswood Warren,Tadworth,Surrey,UK  |   URL: http://support.bbc.co.uk/



--
Scott A Silzer
Previous By Date Next
Previous By Thread Next

Current thread: