From: Darby Weaver (darbyweaver@yahoo.com)
Date: Thu Apr 05 2007 - 07:33:32 ART
Not always the most efficient use of your pipe.
Think outside the box.
--- John Gibson <johngibson1541@yahoo.com> wrote:
> IPv6 RFC 2460 basically says if we don't do PMTU,
> just send packets smaller than 1280 bytes.
>
> RFC 2460 says routers in the IPv6 path MUST
> be capable of sending 1280 bytes in 1 IPv6 packet.
> If some interface has a layer 2 MTU smaller than
> 1280, the router has to fragment the packet at
> layer 2.
>
> I like rfc 2460.
>
> --- Sergey Golovanov <sergey.golovanov@iementor.com>
> wrote:
>
> >
> > Actually, barely any networks in the enterprise world rely on PMTU anymore.
> > If you are concerned with an MTU bottleneck in the middle of the
> > communication path, for example GRE tunnels, you'd normally use "ip tcp
> > adjust-mss" set to your IP MTU - 40. So for example, let's say you have a
> > GRE tunnel somewhere in the middle. The IP MTU would normally be set to 1476
> > (1500 - 20 IP header - 4 GRE header), and tcp adjust-mss would be set to
> > 1436 (1476 - 40 IP+TCP header). With this configuration these problems don't
> > matter anymore:
> >
> > 1. PMTU is not needed (TCP only)
> > 2. Doesn't matter what MTU the server or client are using (TCP only)
> > 3. Doesn't matter what MSS the server or client are using (TCP only)
> > 4. Doesn't matter if the server or client are using DF bit (TCP only)
> >
> > All these issues are resolved with tcp adjust-mss.... the only problem is
> > that it applies only to TCP traffic. The issue remains with UDP traffic. But
> > it's not a big deal. If UDP for some reason sends a large MTU packet, it would
> > get fragmented. I don't know of any applications that set the DF bit and that
> > use a full-size 1500 IP packet. I don't know of any... except for one :)
> > Microsoft Kerberos authentication on Windows 2000 (I think it's only on
> > Win2K) will use UDP by default (I believe on Win2003 they changed to TCP for
> > default setting), and it will set the DF bit. Well, it's not a problem....
> > until your AD transactions (resulting from the user database size etc) reach
> > a certain size and the packet ends up being above the "bottleneck" MTU. The
> > difficult way to fix it is to tell your server guys to switch Kerberos from
> > UDP to TCP... but it might be difficult in large environments. The other way
> > to fix it, of course, is to use the route-map and clear df-bit on all UDP
> > traffic.
> >
> > Hope this helps
> >
> > --------------------------------------------------------------------
> > Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
> > "Please, don't ask me for my ccie #, there are reasons why I can't release
> > it"
> > ieMentor Instructor and Content Developer
> > sergey.golovanov@iementor.com
> > http://www.iementor.com
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of
> > johngibson1541@yahoo.com
> > Sent: Wednesday, April 04, 2007 9:54 AM
> > To: ccielab@groupstudy.com
> > Subject: Re: Re: routers don't fragment any packet. End hosts all MUST have
> > path MTU discovery ?
> >
> > No. Something is not right here.
> >
> > I am so shocked to learn that path MTU discovery
> > protocol uses ICMP.
> >
> > Many enterprise networks block all ICMP packets. How could this path MTU
> > discovery thing ever work in our public Internet ?
> >
> > What are we doing ? I am totally lost.
> >
> >
>
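
An added example, not part of any message in this thread: a small model of the GRE bottleneck Sergey describes, showing what happens to full-size TCP and UDP packets with and without "ip tcp adjust-mss" and with the DF bit cleared on UDP. The function names, outcome strings and sample packets are constructed for illustration, and ICMP is assumed to be blocked, as in John's question.

```python
from dataclasses import dataclass

# Header sizes and MTU values as given in the thread.
IP_HDR, TCP_HDR, GRE_HDR = 20, 20, 4
LINK_MTU = 1500
TUNNEL_IP_MTU = LINK_MTU - IP_HDR - GRE_HDR    # 1476
CLAMP_MSS = TUNNEL_IP_MTU - IP_HDR - TCP_HDR   # 1436

@dataclass
class Packet:
    proto: str   # "tcp" or "udp"
    size: int    # total IP packet length in bytes
    df: bool     # Don't Fragment bit

def negotiated_mss(client_mss, server_mss, clamp=None):
    """MSS both ends end up using; the router lowers the SYN option to clamp."""
    mss = min(client_mss, server_mss)
    return min(mss, clamp) if clamp is not None else mss

def tcp_packet(mss, df=True):
    """Largest TCP packet a host sends for a given MSS (hypothetical helper)."""
    return Packet("tcp", mss + IP_HDR + TCP_HDR, df)

def forward(pkt, mtu=TUNNEL_IP_MTU, icmp_blocked=True, clear_udp_df=False):
    """Outcome for one packet arriving at the tunnel router."""
    df = pkt.df and not (clear_udp_df and pkt.proto == "udp")
    if pkt.size <= mtu:
        return "forwarded"
    if not df:
        return "fragmented"
    # Too big with DF set: the router drops it and sends ICMP
    # "fragmentation needed". If that ICMP is filtered, the sender never learns.
    return "black-holed" if icmp_blocked else "dropped, ICMP sent"

def scenarios():
    """Constructed cases: hosts on 1500-byte Ethernet advertising MSS 1460."""
    big_udp = Packet("udp", 1500, True)  # constructed full-size UDP, DF set
    return {
        "tcp, no clamp": forward(tcp_packet(negotiated_mss(1460, 1460))),
        "tcp, adjust-mss 1436": forward(
            tcp_packet(negotiated_mss(1460, 1460, CLAMP_MSS))),
        "udp, DF set": forward(big_udp),
        "udp, DF cleared": forward(big_udp, clear_udp_df=True),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:22s} -> {outcome}")
```
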
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:34 ART