[GTALUG] Rogers and MTU size
james.knott at rogers.com
Mon Jan 5 12:56:01 UTC 2015
On 01/04/2015 11:42 PM, D. Hugh Redelmeier wrote:
> | From: James Knott <james.knott at rogers.com>
> | One thing I noticed recently was that my firewall, running Linux, was
> | getting a MTU of 576 bytes, instead of the normal 1500 bytes.
> 576 is the smallest legal MTU for IPv4. I could imagine some system
> defaulting to this in the absence of other knowledge.
> In other messages you show that this is an explicit setting from Rogers'
> DHCP server. That certainly sounds like a bad configuration at their end.
Yes, I verified option 26 was set to 576 in the DHCP acks.
> My Rogers connection has an MTU of 1500.
> The normal (non-jumbo) MTU size for ethernet is 1500.
> ADSL uses PPPoE encapsulation which eats 8 bytes off the MTU.
> | You can
> | verify the MTU with a ping -s 1500 <destination>. If that works, then
> | you have a 1500 byte MTU along the entire path to the destination.
> Not quite. "ping -s 1500" on IPv4 generates a 1508-byte ICMP packet.
> Plus any encapsulation that might be used (probably none with Rogers).
I've been wondering about that too. From my desktop computer, I can
ping Yahoo with 1500, but from my ThinkPad, only 1472. But from that
same ThinkPad, I can ping a local computer with 1500. I'll have to
investigate that more.
> Elsewhere you mention PMTU discovery. The folk wisdom (as of a few years
> ago) was that this is useless since so many routers and firewalls drop the
> necessary ICMP messages. Sad.
Take a look at your outgoing packets and you'll likely see the do not
fragment flag is set. This means that if you hit a lower bandwidth link
your packets will be dropped. So, I don't know how many are blocking
those ICMP messages. Certainly no responsible carrier would. Blindly
blocking them shows more ignorance than anything. Also, since IPv6
doesn't allow fragmentation, PMTUD is mandatory with it.
> | I have advised Rogers of this and the person I was speaking to agreed it
> | should be 1500. Let's see if they fix it.
> Years ago I tried to report DHCP RFC violations to Rogers customer
> support folks and got nowhere. There seemed to be no connection
> between the customer support department and the relevant engineering
I also got the brush off from the support tech, who didn't even know
what MTU was. However, I shortly after received a survey email. I
replied, expressing my dissatisfaction. I then heard back from someone
who agreed that the MTU shouldn't be set to 576. In fact, they
shouldn't be setting it at all.
More information about the talk