[OpenAFS-devel] Bad AFS performance over wide area due to packet fragmentation problems

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 25 Aug 2008 18:21:55 -0400


--On Monday, August 25, 2008 11:56:12 PM +0200 Harald Barth <haba@kth.se> 
wrote:

> All this stuff confuses me and a lot of network equipment and I always
> try to turn it OFF. Working MTU discovery for the whole path would be
> nice. Can we do better than the usual ICMP based one that seldom works
> because of firewalls, NAT and the like?

No, we cannot.  Where there is an intermediate segment whose MTU is lower 
than those of the segments directly attached to the endpoints, path MTU 
discovery requires the cooperation of the network.  The ICMP 
destination-unreachable fragmentation-needed subcode is the mechanism 
provided by the Internet Protocol for performing path MTU discovery.

For all that they are evil, NATs do not break path MTU discovery.
What breaks path MTU discovery are

- Overzealous firewalls which block ICMP destination-unreachable codes,
  generally because they have been configured by someone who does not
  really understand networking and has heard that ICMP is evil.

- Incorrectly-configured routers which directly connect segments with
  differing MTUs, but do not generate ICMP destination-unreachable
  fragmentation-needed messages when necessary.

Both of these generally completely break TCP when there is an intermediate 
segment with a lower MTU.  Thus, if you have a broken deployment, it should 
be noticed pretty quickly and should break things other than AFS.


-- Jeff
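
Added example, not part of the original message or of OpenAFS: a minimal Python parser for the ICMP destination-unreachable fragmentation-needed message (type 3, code 4, RFC 1191) that path MTU discovery depends on, showing what a firewall discards when it blocks these messages. The function names, the documentation-range addresses and the sample UDP ports (7001 to 7000) are assumptions made for the illustration.

```python
import struct

ICMP_DEST_UNREACH = 3  # ICMP type: destination unreachable
ICMP_FRAG_NEEDED = 4   # code: fragmentation needed and DF set (RFC 1191)

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); a valid message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes):
    """Return (next_hop_mtu, src, dst, proto) of the packet that was too
    big, or None if this is not a well-formed fragmentation-needed message."""
    if len(icmp) < 8 + 20:  # ICMP header + minimal quoted IPv4 header
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
        return None
    if checksum(icmp) != 0:
        return None
    inner = icmp[8:]  # quoted header of the original datagram
    flags_frag = struct.unpack("!H", inner[6:8])[0]
    if inner[0] >> 4 != 4 or not flags_frag & 0x4000:  # IPv4 with DF set
        return None
    src = ".".join(map(str, inner[12:16]))
    dst = ".".join(map(str, inner[16:20]))
    # mtu == 0 means a pre-RFC 1191 router that did not report its MTU
    return mtu, src, dst, inner[9]

def build_sample(mtu: int = 1400) -> bytes:
    """Constructed message: a router rejecting a 1500-byte UDP datagram
    from 192.0.2.10:7001 to 198.51.100.7:7000 (documentation addresses)."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000,
                        63, 17, 0, bytes([192, 0, 2, 10]),
                        bytes([198, 51, 100, 7]))
    inner += struct.pack("!HHHH", 7001, 7000, 1480, 0)  # quoted UDP header
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_frag_needed(build_sample()))
```

The quoted inner header is what lets the sending host match the report to the flow whose path MTU must be lowered; a firewall policy that permits only this type and code keeps path MTU discovery working without admitting other ICMP traffic.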