strange beviour of pmtu discovery

From: Markus Schlup (markus@qbik.ch)
Date: Fri Mar 10 2006 - 04:40:55 EST

Dear all,
I have a Solaris 10 box which acts as proxy server for our clients.
Clients in remote offices are connected via a VPN line which
decreases the PMTU to 1442. For some connections pmtud does not
seem to work correctly. Solaris gets the ICMP fragmentation needed
packets but nevertheless tries sending packets with MTU 1500.

A packet trace (on the proxy) of such a connection looks like that:

Time Source Destination Prot Info
255.137349 10.10.x.x 194.124.x.x TCP 1259 > 8080 [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
255.137420 194.124.x.x 10.10.x.x TCP 8080 > 1259 [SYN, ACK] Seq=0 Ack=1 Win=49640 [TCP CHECKSUM INCORRECT] Len=0 MSS=1460
255.147709 10.10.x.x 194.124.x.x TCP 1259 > 8080 [ACK] Seq=1 Ack=1 Win=17520 Len=0
255.150214 10.10.x.x 194.124.x.x HTTP GET http://www.google.ch/ HTTP/1.1
255.150241 194.124.x.x 10.10.x.x TCP 8080 > 1259 [ACK] Seq=1 Ack=496 Win=49640 [TCP CHECKSUM INCORRECT] Len=0
255.488598 194.124.x.x 10.10.x.x HTTP HTTP/1.0 200 OK (text/html)
255.488636 194.124.x.x 10.10.x.x HTTP Continuation or non-HTTP traffic
255.488646 194.124.x.x 10.10.x.x HTTP Continuation or non-HTTP traffic
255.488816 194.124.x.x 10.10.x.x HTTP Continuation or non-HTTP traffic
255.489097 194.124.x.x 10.10.x.x TCP 8080 > 1259 [FIN, ACK] Seq=4166 Ack=496 Win=49640 [TCP CHECKSUM INCORRECT] Len=0
255.490898 10.1.x.x 194.124.x.x ICMP Destination unreachable (Fragmentation needed)
255.514101 10.10.x.x 194.124.x.x TCP [TCP Dup ACK 5013#1] 1259 > 8080 [ACK] Seq=496 Ack=1 Win=17520 Len=0 SLE=2921 SRE=2966
255.514978 10.10.x.x 194.124.x.x TCP [TCP Dup ACK 5013#2] 1259 > 8080 [ACK] Seq=496 Ack=1 Win=17520 Len=0 SLE=2921 SRE=4166
255.514979 10.10.x.x 194.124.x.x TCP [TCP Dup ACK 5013#3] 1259 > 8080 [ACK] Seq=496 Ack=1 Win=17520 Len=0 SLE=2921 SRE=4167
265.637916 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)
265.639528 10.1.x.x 194.124.x.x ICMP Destination unreachable (Fragmentation needed)
268.118975 10.10.x.x 194.124.x.x TCP 1259 > 8080 [FIN, ACK] Seq=496 Ack=1 Win=17520 Len=0
268.119002 194.124.x.x 10.10.x.x TCP 8080 > 1259 [ACK] Seq=4167 Ack=497 Win=49640 [TCP CHECKSUM INCORRECT] Len=0
279.147951 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)
279.149025 10.1.x.x 194.124.x.x ICMP Destination unreachable (Fragmentation needed)
306.157875 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)
306.159196 10.1.x.x 194.124.x.x ICMP Destination unreachable (Fragmentation needed)
420.157963 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)
480.157963 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)
540.167832 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)
600.167922 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)
660.177912 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)
720.181326 194.124.x.x 10.10.x.x HTTP [TCP Retransmission] HTTP/1.0 200 OK (text/html)

Another way of showing the problem is by issuing 'netstat -ravn':
# netstat -ravn

IRE Table: IPv4
  Destination Mask Gateway Device Mxfrg Rtt Ref Flg Out In/Fwd
-------------------- --------------- -------------------- ------ ----- ----- --- --- ----- ------
...
10.14.x.x 255.255.255.255 194.124.x.x bge0 1500* 0 6 UHA 9 0
10.14.x.x 255.255.255.255 194.124.x.x bge0 1442* 0 1 UHA 1 0
...

For one host it shows me a size of 1500 bytes, for the other host
it shows 1442 bytes ...

Any idea, suggestion, explanation, solution, patch?

Kind regards,
Markus
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:39:16 EDT