[OpenAFS-devel] Solaris 10 predicament update

Dean Anderson dean@av8.com
Wed, 26 Sep 2007 15:33:53 -0400 (EDT)


On Wed, 26 Sep 2007 haba@kth.se wrote:

> Unfortunately, misconfigured firewalls will prevent path MTU discovery on
> the Internet in the future, so I have given up on any chance of bigger
> than Ethernet-sized packets on WAN connections. And what is WAN and what
> not must be configured by hand. Don't get me started ;-)

In the future?? They do this now.  BTW, you can refer people to my page
ICMP: http://www.av8.net/ICMPTypes.txt 
I post this to netfilter every once in a while to educate people against
blindly blocking ICMP altogether.

> So if RX really is not caring about the MTU so much, why not say 1400 for
> the moment and get it over with?

1280 on IPv6. (duck!)


In all seriousness, however, occasional PMTU problems are no reason not
to do pmtu discovery. There may be problems in some cases for some
people, with some packet sizes more than "some x".  I think it is handy
and important to be able to manually "fix" the MTU problem with a
manually set maximum packet size, and let pmtud do the work in the cases
where it can.

TCP applications can be fixed by adjusting the MSS size at a router, but
no such luck applies to UDP applications, except to make sure DF is not
set on the IP packet.  To be efficient without pmtud, the application
has to be able to send smaller packets either though its own
configuration, or though another built-in protocol (which we don't have
the option for)


> And Dale, if you are still listening after my rant about MTU sizes,
> there ARE folks that really want to roll out that Solaris patch...

Yes. I raise my hand to that.

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000