On Sunday 01 Sep 2013 08:40:20 Grant wrote: > >> How is PMTUD enabled/disabled on Gentoo? I've recently been made > >> aware of the existence of MTU and I'm wondering if mine is set > >> properly for a cell phone tethered connection. > > Thanks Mick. Can you generally rely on PMTUD to set the MTU optimally > or should this be experimented with when changing connections?
Short answer: default Linux machine settings behave properly as network devices and acknowledge packets larger than their MTU value with the appropriate response. Longer answer: Communications between IPv4 end points use PMTUD by setting a Don't Fragment (DF) bit in the headers of the outgoing packet. If a router/server along the path has a smaller MTU, it will drop that packet and respond with an ICMP 'Destination Unreachable -- Fragmentation Needed' packet including its smaller MTU value. Upon receiving this smaller packet value the initiating host will dynamically reduce the size of the outgoing packets, until the packet arrives at its intended destination. PMTUD should always be switched on in any well behaving network implementation, but here's the rub: some network nodes, firewalls, servers are configured to never respond with *any* ICMP packets (because they think that this is a way to avoid DDoS problems and the like). Therefore, the initiating host keeps sending large packets never knowing that they are dropped on the way. This network problem is known as a PMTUD black hole and is explained better here: http://tools.ietf.org/html/rfc2923 Some MSWindows servers were notoriously bad at this, but I think that modern configurations have corrected their buggy ways. Linux machines have PMTUD switched on by default and behave properly. If you are still troubled by the proxy connection stalling problem, have you tried transferring large files over the network using scp/sftp to see if you are also getting similar symptoms? This would isolate it to the application level (squid) or if the problem remains would point to network configuration issues. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
