[OpenAFS-devel] .35 sec rx delay bug?

Buhrmaster, Gary gtb@slac.stanford.edu
Tue, 7 Nov 2006 05:52:51 -0800


This is a multi-part message in MIME format.

------=_NextPart_000_0090_01C70230.E04A7410
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit


> this isnt the first time i have heard of a router refusing to fragment
> udp.  

There is theory, and there is practice.  In practice, the following
are true (in no particular order)

* Some OS's (or NAT devices, or firewalls, or proxy agents,
  or load balancers, or ..) will tag all packets with 
  "don't fragment" as part of their function.
* Some NAT/routers/firewalls/proxies will not pass
  return ICMP messages.
* More and more providers are now using MPLS (or
  IPSEC tunnels, or GRE tunnels, or ...) to enable 
  new functionality (i.e. marketing opportunities), 
  which on some platforms reduces the effective 
  MTU to less than the ethernet MTU of 1500 somewhere 
  along some paths (usually near the end user, since 
  the backbones can usually handle the additional 
  bytes of the label).
* Almost all mainstream routers now do forwarding in
  hardware, but exceptional conditions (including
  fragmentation) are done in alternative (software)
  paths.
* Almost all mainstream routers now have something in
  the hardware that limits control plane traffic "to 
  protect the router".  This includes generating 
  "unreachables" and/or fragmenting packets.  These
  limits tend to be (somewhat) low, since the control
  engine tends to be rather slow by current processor
  standards.  This can substantially limit the amount
  of traffic that can get fragmented (either by
  control plane limiting, or simply by the time it
  takes to do the fragmenting).
* Best Practices for most mainstream providers will
  not send (or severely limit) ICMP unreachables to
  protect the routing infrastructure (either with
  use of the control plane limits, or via other
  global values).
* Some percentage of intermediate routers will use
  RFC1918 addressing, or unadvertised internal
  routing IP addresses.
* Most mainstream providers use some form of IP address
  space validation, blocking traffic from invalid 
  addresses (this is also considered an anti-SPAM
  measure).  Non-advertised addresses (including the
  RFC1918 ones) are often considered invalid, even 
  if the packet is an ICMP unreachable, which will
  drop the packet.

One can talk about how some of these practices are
"bad", or "wrong", or "stupid".  That does not change
the fact that they are, and that they are more likely
to expand than be eliminated (have you not heard that
the Internet is "The Web"?)

And what this all says is that one should not depend on
UDP fragmentation nor icmp unreachables to determine
a paths current (or future, after rerouting) effective
MTU.  The common heuristics require occasional sending of
packets (of various sizes) to determine the useful
path MTU without (path) fragmentation, but one needs
to consider that a low rate, the control plane
limiting may still allow the router to fragment
or send ICMP unreachables.  It is only at the higher 
rates that the packets get dropped.


------=_NextPart_000_0090_01C70230.E04A7410
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJeTCCAwEw
ggJqoAMCAQICEAhAmUwHgQy31U3IjbfeZ0cwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkEx
JTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ
ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDMyMzIzMTY0MVoXDTA3MDMyMzIzMTY0
MVowZDETMBEGA1UEBBMKQnVocm1hc3RlcjENMAsGA1UEKhMER2FyeTEYMBYGA1UEAxMPR2FyeSBC
dWhybWFzdGVyMSQwIgYJKoZIhvcNAQkBFhVndGJAc2xhYy5zdGFuZm9yZC5lZHUwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkK/x8feg/yqrM+o924590xpCHso6ozI9xtMfNyoQOoPqw
v/FMHB7B62D09NxH84M9LKKbELnV3a6QQvVvJJEG49LmY15Jh3Srw5zigKlg37ToHBn0Ttgihp/2
ZPKeekWD7pV/drmNlqTJ+lsIKQtLT72GukEuQDZwcApzm12WRzpBdPpJ0ML+y8cciCORdgNu2T2Y
jJuUDNYDbEbMQWfZIlrcUvVCSKykP1LZmDwjRmUDHiIAss2Zq052Gx16wGe92qQIt9vn73HvTHnX
fJxWIsjBIEy77OKsSXiGIY9yTsMC/4ZPcGXmIUegZofwBFiYPiKKHm0BKWCHIE6N8FOHAgMBAAGj
MjAwMCAGA1UdEQQZMBeBFWd0YkBzbGFjLnN0YW5mb3JkLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqG
SIb3DQEBBAUAA4GBAJwTTKAsmuPH7spVWEZo+e3AtNXumgTp97wSJbpvHH4gsyRtnDqenEmf/Luk
IFFyzUpQkaZq0baG8rDoHCmv5vlG/bpjH6Jrc1L0nIibSO8DjuqZmoCD9wQRlwwzTf1pLBVUKluC
Cqzc+jjKGRollT2NmxoSDrsHX9dRZunbRgXIMIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQF
ADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBU
b3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSsw
KQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTk2MDEwMTAwMDAw
MFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx
EjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsT
H0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25h
bCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNv
bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfYDFG26nKRsIRefS0Nj3sS
34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5ErHzmj+hND3EfQDimAKOHePb5lIZererA
Xnbr2RSjXW56fAylS1V/Bhkpf56aJtVquzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYD
VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawm
u1I1XAjPMPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa/RP0
ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRzneigTCCAz8wggKooAMC
AQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENh
cGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNV
BAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJz
b25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3Rl
LmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYD
VQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u
YWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV
+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqq
P3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEE
QB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSG
Mmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1Ud
DwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZI
hvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNw
PP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTl
EBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggN5MIIDdQIBATB2MGIxCzAJBgNVBAYTAlpBMSUw
IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVy
c29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQCECZTAeBDLfVTciNt95nRzAJBgUrDgMCGgUAoIIB
2DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNjExMDcxMzUyMTRa
MCMGCSqGSIb3DQEJBDEWBBRZ9Og6HUWhyT3Ya/pKUYk0CexNCTBnBgkqhkiG9w0BCQ8xWjBYMAoG
CCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTCBhQYJKwYBBAGCNxAEMXgwdjBiMQswCQYDVQQG
EwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEAhAmUwHgQy31U3IjbfeZ0cwgYcGCyqG
SIb3DQEJEAILMXigdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcg
KFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EC
EAhAmUwHgQy31U3IjbfeZ0cwDQYJKoZIhvcNAQEBBQAEggEAxt7qk3wTAD/Su0/MtfhufaAcnKlE
01HEDgHw7g1mzgX6bxEZyXSYsj5wP0A7Yqaca63dcGqTIfbMkRxlZ1jrHRaRwVTkjKR9Zq5TAmAi
MWSPUFcKKeU4cgN24bIYYognHeoqSUPbKTmEhmlNLDAOQrcYERCpCfGrfViFK8CXthrzAW40ohwE
I5OBrti1LicaSX70j7ryNLGcLmVuH1zmEYAxDzDmw4t9mVMXsdT/PtCFo+iD81auvRLl8uZ87KtR
mMC8LNlpzbWaOzGKxE/aIP5tAzlYwPiMcuesFgMSzaVWOxe94uSf3p3V9LCJyOmCGqQ/XLw/gxHl
JNMvboEcCwAAAAAAAA==

------=_NextPart_000_0090_01C70230.E04A7410--