>> Thanks Mick. Can you generally rely on PMTUD to set the MTU optimally >> or should this be experimented with when changing connections? > > Short answer: default Linux machine settings behave properly as network > devices and acknowledge packets larger than their MTU value with the > appropriate response. > > Longer answer: > > Communications between IPv4 end points use PMTUD by setting a Don't Fragment > (DF) bit in the headers of the outgoing packet. If a router/server along the > path has a smaller MTU, it will drop that packet and respond with an ICMP > 'Destination Unreachable -- Fragmentation Needed' packet including its smaller > MTU value. Upon receiving this smaller packet value the initiating host will > dynamically reduce the size of the outgoing packets, until the packet arrives > at its intended destination. PMTUD should always be switched on in any well > behaving network implementation, but here's the rub: some network nodes, > firewalls, servers are configured to never respond with *any* ICMP packets > (because they think that this is a way to avoid DDoS problems and the like). > Therefore, the initiating host keeps sending large packets never knowing that > they are dropped on the way. This network problem is known as a PMTUD black > hole and is explained better here: > > http://tools.ietf.org/html/rfc2923 > > Some MSWindows servers were notoriously bad at this, but I think that modern > configurations have corrected their buggy ways. Linux machines have PMTUD > switched on by default and behave properly.
Got it, thank you. > If you are still troubled by the proxy connection stalling problem, have you > tried transferring large files over the network using scp/sftp to see if you > are also getting similar symptoms? This would isolate it to the application > level (squid) or if the problem remains would point to network configuration > issues. How can I make this determination? I'm testing a 50MB scp over hotel wifi from my laptop to the remote proxy server now (with squid running in case it matters) and it seems OK. It oscillates constantly between 0.0KB/s and 80.0KB/s. As soon as I start browsing via the proxy server, the upload frequently goes to "stalled" but I suppose that could be a bandwidth issue. Browsing still stalls before very long. - Grant
