Re: Path-MTU-discovery

["Richard A. Steenbergen" <ras () e-gerbil net>]

On Mon, 17 Jul 2000, Mikael Abrahamsson wrote:

> On Sun, 16 Jul 2000, Greg A. Woods wrote:
>
> > Experience is beginning to suggest that it's the vast majority of them
> > that use PMTUd now.  Where it doesn't work _at_all_ on the "client" side
> > you quickly find out that perhaps as many as 2/3's (anecdotally
> > measured) of the "popular" web servers out there seem to be unusable
>
> I am behind a tunnel with something like 1446 MTU. It works just nicely, I
> have not found any sites so far that won't work.
>
> On the other hand, at work we're doing some tunneling using ciscos. Due to
> routing etc the ICMP "need-to-frag"-messages get lost and the people
> behind those tunnels cannot use 90% of the www sites (so they have to         
> resort to proxies). Seems to me that PMTUd works better than most people
> think.
>
> I do believe that NT and Win2k comes default with a registry setting that
> makes it send all TCP traffic with the DF flag set (which I can see no
> reason for unless M$ IP stack cannot do refragmentation properly). This
> setting is changable as far as I know but I cannot seem to find the
> information at this time. Anyone?

As much as it saddens me to know the answer to a Win2K question (and
believe me I'll never live this down), bust out regedt32.exe, head down
to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

and add the dword value EnablePMTUBHDetect = 1. This turns on the PMTU
blackhole detection, where if it suspects the ICMP is being blocked
because of its PMTU-D it will test the theory by retransmitting with the
DF off to see whats up.

While you're there, I recommend the following additions/changes as well
(since windoze stuff isn't terribly easy to navigate):

Tcp1323Opts = 3 (high perf long/fat pipe window scaling & timestamping)
SynAttackProtection = 2 (its turned off by default, go figure :P)
EnableICMPRedirect = 0 (most people dont filter icmp redirects right)
TcpWindowSize = 262144 (turn up tcp windows if you have a good pipe)

These are all in decimal btw (tcpwindowsize is the only one where it
matters), and all dword.

-- 
Richard A Steenbergen <ras () e-gerbil net>   http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)