[ On Wednesday, June 14, 2000 at 07:21:54 (-0500), Brett Frankenberger wrote: ]
Subject: Re: PMTU-D: remember, your load balancer is broken
> PMTU Discovery is important when you have larger MTUs on the ends and small MTUs in the middle. For example, a tunnel (VPN or otherwise) between two routers or VPN servers, for a WAN link with a small MTU, or ...

I think that should read: "PMTU Discovery is important when you have larger MTUs on either end...."

Almost all of my systems, until recently, were advertising an MSS default of 512, and I've had either a PPP connection with an MTU of about 1024 (I forget exactly what it was), or more recently a GRE tunnel with an MTU of 1460. Back when my router was PPP connected I had enormous problems with SunOS-4.1.x, and only slightly fewer problems with NetBSD.

Since discovering that servers with an MSS default of 512 bytes cannot possibly ever deliver good TCP throughput to local high-speed customers (e.g. on a cable or DSL plant), I've also been hard-coding a TCP MSS default of 1460 on most systems I control (though on cable modem squid servers, etc., it could probably safely be raised to 1500, but of course on my GRE tunnel this is the maximum I can use without fragmentation).

> It's a real problem, and the Load Balancer manufacturers need to handle the ICMPs properly.

You're damn right it is!

In fact I think I'm having this very problem with segue.merit.edu [198.108.1.41] trying to deliver some NANOG messages to my server ever since yesterday or the day before! (Another server at theplanet.co.uk is definitely giving me these headaches -- I still have to capture a failed connection from segue.merit.edu to prove the latter though....)

The system in question still has an MSS default of 512. I've not yet

I'm not exactly a TCP guru, but I'm guessing that nothing will improve even if I increase it to 1460.... Maybe I'll try this anyway because in the mean time those damn mailers are clogging mine with zillions of stagnant connections and are preventing any other mailers from delivering....

Personally I think it should be required that an admin jump through multiple burning hoops and then prove he or she can stop a charging locomotive and leap tall buildings before they are allowed to turn on Path-MTU-discovery. Any OS vendor that ships with it on by default should be put in stocks in the town centre so they can be publicly humiliated!

-- 
Greg A. Woods

+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
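
The failure discussed in this thread, as an added example that is not part of the original message: a small Python model of a server behind a load balancer sending one full-sized TCP segment with DF set across a path whose middle hop has a smaller MTU. The addresses, flow table, server name, function names and the 40-byte header overhead are assumptions made for the illustration.

```python
HEADERS = 40  # assumption: 20-byte IPv4 + 20-byte TCP header, no options

# Constructed sample: balancer flow table, (client_ip, client_port) -> real server.
FLOWS = {("203.0.113.7", 40112): "real-2"}

def lb_route_icmp(icmp, flows, inspect_quoted):
    """Return the real server that receives an ICMP type 3 code 4, or None.

    The error is sent by a router in the path, so its source address matches
    no flow; only the quoted header of the dropped packet identifies one.
    """
    if inspect_quoted:
        key = (icmp["quoted_dst"], icmp["quoted_dport"])
    else:
        key = (icmp["src"], icmp.get("sport"))  # naive lookup on the outer header
    return flows.get(key)

def send_segment(server, mss, path_mtus, client, df=True, inspect_quoted=True):
    """Send one full-sized segment from `server` (behind the balancer) to `client`.

    Returns (outcome, final_mss, attempts); outcome is 'delivered',
    'fragmented' (DF clear) or 'blackhole' (DF set, ICMP never arrives).
    """
    attempts = 0
    while True:
        attempts += 1
        packet = mss + HEADERS
        small = next((m for m in path_mtus if m < packet), None)
        if small is None:
            return ("delivered", mss, attempts)
        if not df:
            return ("fragmented", mss, attempts)  # a router fragments instead
        icmp = {"src": "192.0.2.1", "next_hop_mtu": small,  # constructed router
                "quoted_dst": client[0], "quoted_dport": client[1]}
        if lb_route_icmp(icmp, FLOWS, inspect_quoted) != server:
            return ("blackhole", mss, attempts)  # retransmits stay too big
        mss = icmp["next_hop_mtu"] - HEADERS  # sender adapts to the hop MTU

PATH = [1500, 1460, 1500]        # constructed: MTU 1460 tunnel in mid-path
CLIENT = ("203.0.113.7", 40112)  # constructed client endpoint
```

With the balancer matching on the quoted header the sender drops to an MSS of 1420 and the second attempt gets through; with the naive lookup the same transfer stalls, while a sender using an MSS of 512 never triggers the ICMP at all.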