On Wed, 19 Mar 2008, ann kok wrote:
I have this problem about mtu mismatch
Some DSL clients, some are working fine. (browsing...ping ...)
Some DSL clients have this problem they can't browse the sites. they can ssh the host but couldn't run the command in the shell prompt ping packet are working fine (no packet lost)
Why? but I still don't know why mtu can cause this problem
Are you using PPPoE to transport and manage your DSL users, or are they bridged? Ping packets, unless you specifically use a larger packet size, are usually pretty small. Try running ping tests with a larger packet size, say, 1495 bytes, and see if those fail. HTTP, SSH, etc, can easily (and often do) generate packets up to the maximum segment size. That's why MTU mismatches can seem to affect some types of traffic but not others. The 'lowest common denominator' for MTUs is often 1500 bytes, but protocols that need to wrap or tunnel existing packets (GRE, PPPoE, IPSEC, etc) impose some overhead of their own. Unless the MTU or TCP maximum segment size of the original traffic is reduced a bit, the tunneled packets will need to be fragmented for transport across the network. This can lead to performance problems like the ones you're seeing. The magic number for an MTU on PPPoE DSL is 1492 bytes, based on past DSL aggregation work I've done. jms