[OpenAFS] Re: mtu problem

chas williams - CONTRACTOR chas@cmf.nrl.navy.mil
Fri, 8 Feb 2013 10:24:55 -0500

On Fri, 08 Feb 2013 09:56:16 -0500
Derek Atkins <warlord@MIT.EDU> wrote:

> I didn't say "all", I said "many".  And yes, there are many sites on the
> internet that cannot be accessed reliably from many OSes that do PMTUD,
> particularly if you have some pipe between you and the site that is
> smaller than your endpoint MTU (e.g. an IP tunnel, be it GRE, IPsec,
> etc).  I have plenty of first-hand experience with this.

you dont even need something that exotic.  two sites running jumbo
frames and the standard internet between them breaks things pretty

> The fix I've put in is to have all my hosts behind the tunnel have an
> MTU of 1492 instead of 1500, because otherwise it reliably fails to many
> sites because the ICMP doesn't get back to me.

the original poster said he was seeing packets of 1488 bytes that were
failing.  it is a bit puzzling how you would get this since afs
typically not generate a packet and a very tiny fraction of a packet.
it makes me wonder if he has a tagged vlan on his host and a switch
that doesnt support frames bigger than 1500 bytes.