On Feb 20, 2012, at 10:27 PM, Masataka Ohta wrote:
Steven Bellovin wrote:
Timer timeouts do not affect TCP MSS.
RFC 2923: TCP should notice that the connection is timing out. After several timeouts, TCP should attempt to send smaller packets, perhaps turning off the DF flag for each packet. If this succeeds, it should continue to turn off PMTUD for the connection for some reasonable period of time, after which it should probe again to try to determine if the path has changed.
So?
It's Informational, not standards track, but the problem -- and the fix -- have been known for a very long time.
I'm not sure what, do you think, is the problem, because the paragraph of RFC2923 you quote has nothing to do with TCP MSS.
Sure it does. That's in 2.1; the start of it discusses PMTUD failing for various reasons including firewalls.
The relevant section of the RFC (relevant to MSS) should be:
The MSS should be determined based on the MTUs of the interfaces on the system, as outlined in [RFC1122] and [RFC1191].
which means MSS is constant.
The text I quoted says, in so many words, "send smaller packets". I don't know how it's possible to be more explicit than that.
Note also that the next paragraph (next to the paragraph you quote) of the RFC eventually says to use PMTU of 1280B for IPv6 if there are black holes. It is not a very good thing to do especially for IP over IP tunnels, because 1280B packets are always fragmented if they are carried over a tunnel with MTU of 1280B.
Please cite in context. The text I quoted says that one option is to try turning off DF; the next paragraph notes that you can't do that on v6. It also doesn't say to to use PMTU of 1280, it says that that's a good fallback, and notes that v6 support requires that. Although it doesn't say so, I'll note that IP in IP makes the outer IP effectively a link layer for the inner IP; as such, it has to preserve all of the relevant properties including a link MTU of 1280. If that doesn't work -- though it most likely will, since the most common hardware MTU is from the ancient 1500 byte Ethernet size -- the outer IP endpoint has to deal with it appropriately, such as by intentional fragmentation. just as is done for IP over ATM with its 53-byte cell size (RFC 2225).
As implosion cause by multicast PMTUD of IPv6 requires ICMP PTB black holed, you can expect a lot of black holes.
Masataka Ohta
--Steve Bellovin, https://www.cs.columbia.edu/~smb