(Message mtu:13) Date: 02 Dec 1997 18:21:42 GMT From: c.c.eiftj@65.usenet.us.com (Rahul Dhesi) Newsgroups: comp.dcom.sys.cisco Subject: Re: Cannot reach sites with MTU<1500 X-Return-Path: dhesi@rahul.net X-Nojunk-Status: OK 0 Organization: a2i network References: <880958743.6326@news.Colorado.EDU> <65ttqn$37e$1@samba.rahul.net> <65uar9$m94$1@news.ibm.net.il> <65unj9$6dv$1@scanner. ***worldgate.com> Nntp-Posting-Host: waltz.rahul.net Nntp-Posting-User: dhesi X-Comment: Encoded From: line allows replies that preserve original subject Xref: samba.rahul.net comp.dcom.sys.cisco:41095 I will summarize what I have seen here to so far. Somebody please correct me if I am wrong. SCENARIO - Remote server sends a packet with DF (don't fragment) bit set, in an attempt to do MTU discovery. - Client side sees that its MTU is smaller than packet size, responds with ICMP type 3 code 4 (destination unreachable, fragmentation needed but DF bit set). - ICMP packet is filtered out at server end, so server times out waiting for response. HOW TO DIAGNOSE - Analyze packets arriving from remote, see if you get one with DF bit set. - Ping remote site, see if pings seem to be blocked. HOW TO FIX - Set MTU at 1500, so we never have to fragment incoming packets OR - Advertise a suitable MSS, such that remote will never send a packet that is too big. Ok, now I'm a bit confused. Suppose we have a dial-up PPP client. [ PPP client ] ====== [ terminal server ] ========> to Internet The terminal server uses MTU=576 for the dial-in line, so if it seems a large packet arriving from the remote web server headed for the PPP client, it will either fragment the packet or (if the DF bit was set) send back the ICMP "fragmentation needed" message. But the TCP/IP connection will be between the PPP client and the remote web server. The terminal server has no control over the MSS seen by the remote web server -- or does it? Please educate me. How do I make the terminal server, which has control over the MTU, make sure that the remote web server seems the right MSS? -- Rahul Dhesi