nanog mailing list archives
Re: Thoughts on increasing MTUs on the internet
From: "Stephen Sprunk" <stephen () sprunk org>
Date: Fri, 13 Apr 2007 16:15:00 -0500
Thus spake "Lasher, Donn" <DLasher () newedgenetworks com>
PMTU Black Hole Detection works well in my experience, but unfortunatelyMS doesn't turn it on by default, which is where all of the L2VPN with <1500MTU issues come from; turn BHD on and the problems just go away... (And, as others have noted, there's better PMTUD algorithms that are designed to work _with_ black holes, but IME they're not really needed)I wish I'd had your experience. PMTU _can_ work well, but on the internet asa whole, far too many ignorant paranoid admins block PMTU, mostly by accident, causing all sorts of unpleasantness.
You can't block PMTUD per se, just the ICMP messages that dumber implementations rely on. And, as I noted, MS's implementation is dumb by default, which leads to the problems we're all familiar with. "PMTU Black Hole Detection" is appropriately named; one registry change* and a reboot is all you need to solve the problem. Of course, that's non-trivial to implement when there's hundreds of millions of boxes with the wrong setting...
Clearing DF only takes you so far. Unless both ends are aware, and respond apppropriately to the squeeze in the middle, you're back to square one.
Smarter implementations still set DF. The difference is that when they get neither an ACK nor an ICMP, they try progressively smaller sizes until they do get a response of some kind. They make a note of what works and continue on with that, with the occasional larger probe in case the problem was transient.
In fact, one could consider Lorier's "mtud" to be roughly the same idea; it's only needed because the stack's own PMTUD code is typically bypassed for on-subnet destinations and/or not as smart as it should be.
S * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ Parameters\EnablePMTUBHDetect=1 Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do."K5SSS --Isaac Asimov
Current thread:
- RE: Thoughts on increasing MTUs on the internet, (continued)
- RE: Thoughts on increasing MTUs on the internet Buhrmaster, Gary (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Randy Bush (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Randy Bush (Apr 12)
- RE: Thoughts on increasing MTUs on the internet Buhrmaster, Gary (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Stephen Satchell (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Saku Ytti (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Valdis . Kletnieks (Apr 13)
- RE: Thoughts on increasing MTUs on the internet Leigh Porter (Apr 13)
- RE: Thoughts on increasing MTUs on the internet Mikael Abrahamsson (Apr 13)
- Re: Thoughts on increasing MTUs on the internet Stephen Sprunk (Apr 13)
- RE: Thoughts on increasing MTUs on the internet Lasher, Donn (Apr 13)
- Re: Thoughts on increasing MTUs on the internet Stephen Sprunk (Apr 13)
- Re: Thoughts on increasing MTUs on the internet Steve Meuse (Apr 13)
- Re: Thoughts on increasing MTUs on the internet Adrian Chadd (Apr 13)
- RE: Thoughts on increasing MTUs on the internet michael.dillon (Apr 13)
- Re: Thoughts on increasing MTUs on the internet Stephen Wilcox (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Joe Loiacono (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Mikael Abrahamsson (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Joe Loiacono (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Mikael Abrahamsson (Apr 12)
- Re: Thoughts on increasing MTUs on the internet Joe Loiacono (Apr 12)