[AusNOG] MTU debugging? (Or possibly just a fault with Amazon SES?)

Mark Andrews marka at isc.org
Wed Jun 3 12:31:45 EST 2015


In message <287364545.4594356.1433297845041.JavaMail.yahoo at mail.yahoo.com>,
Mark ZZZ Smith writes:
>
> MSS hacking is definitely a hack, it doesn't work on non-TCP protocols,
> and involves looking far deeper into each and every packet to
> - see if they're TCP
> - find the TCP header (which in theory may not always be in the same
>   place because of IP options)
> - then see if they're TCP SYNs,
> - find the TCP MSS option, if it exists (it's optional), and if it does,
>   find where it is, because it isn't required to be in the same place,
> - update the TCP MSS value
> - since the contents of the TCP header have been intentionally changed,
>   recalculate the TCP header checksum and update that too.
>
> and after all that, you still haven't fixed your PMTUD problem, you've
> just pasted over it for just one of the possible protocols that can be
> used end-to-end over the Internet (which could include TCP hidden inside
> some other protocol e.g. GRE, PPTP, IPsec, so you haven't even fixed it
> for all TCP traffic either). MSS hacking should really only be used when
> it isn't possible or feasible to fix or avoid PMTUD issues.
>
> If you want to avoid the cost of PMTUD for dumbbell MTU paths, it is
> better to lower the interface MTU on the source and destination hosts, as
> it will then work for all protocols the hosts use, not just TCP. There
> is a DHCPv4 MTU option that can be used to do this, although some hosts
> may not support it, so it'd be best to check it, and manually change the
> MTUs on hosts that don't. IPv6 RAs have an MTU option that can be used to
> lower hosts' interface MTUs, and support for that option by IPv6 hosts is
> mandatory. You'll lose some performance for transfers between hosts
> attached to the same LAN with lower host MTUs, but if the majority of
> traffic is to or from off-link destinations or sources, as most traffic
> is for most LANs, the loss of LAN performance won't occur very often, and
> when it does, it may not be significant anyway.
>

There are also various socket options that can be used to set transmit
packet sizes at the application level.  Named does this for IPv6 as
PMTUD (TCP and UDP) as bigger packets really don't provide a benefit
for DNS.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
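
The per-packet work the quoted message lists for MSS rewriting, written out for an IPv4 packet as an added example (not code from either poster or from any router). `clamp_mss`, `build_syn` and the sample addresses and ports are constructed for illustration; anything that is not a plain, unfragmented IPv4 TCP SYN passes through untouched, which is the limitation the message describes.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(packet: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of an IPv4 TCP SYN to max_mss; otherwise return it unchanged."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return packet                                # not IPv4, or not TCP
    ihl = (packet[0] & 0x0F) * 4                     # IP options shift the TCP header
    total_len, _, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or frag & 0x3FFF or not ihl + 20 <= total_len <= len(packet):
        return packet                                # fragment or truncated packet
    seg = bytearray(packet[ihl:total_len])
    if not seg[13] & 0x02:
        return packet                                # only SYNs carry the MSS option
    end = min((seg[12] >> 4) * 4, len(seg))          # data offset marks end of options
    i = 20
    while i < end and seg[i] != 0:                   # kind 0 = end of option list
        if seg[i] == 1:                              # kind 1 = one-byte NOP padding
            i += 1
            continue
        if i + 1 >= end or seg[i + 1] < 2 or i + seg[i + 1] > end:
            break                                    # malformed option: leave packet alone
        if seg[i] == 2 and seg[i + 1] == 4:          # kind 2 = MSS, may sit anywhere
            if struct.unpack("!H", seg[i + 2:i + 4])[0] > max_mss:
                seg[i + 2:i + 4] = struct.pack("!H", max_mss)
                seg[16:18] = b"\x00\x00"             # zero, then recompute TCP checksum
                pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(seg))
                seg[16:18] = struct.pack("!H", checksum(pseudo + bytes(seg)))
            break
        i += seg[i + 1]
    return packet[:ihl] + bytes(seg) + packet[total_len:]

def build_syn(mss: int, ip_options: bytes = b"") -> bytes:
    """Constructed sample: 192.0.2.1 -> 198.51.100.2 SYN with NOP, NOP, MSS options."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x70, 0x02, 65535, 0, 0)
    tcp += b"\x01\x01" + struct.pack("!BBH", 2, 4, mss) + b"\x01\x01"
    ihl = 20 + len(ip_options)                       # IP header checksum left as 0 here
    ip = struct.pack("!BBHHHBBH", 0x40 | ihl // 4, 0, ihl + len(tcp), 0, 0x4000, 64, 6, 0)
    ip += b"\xc0\x00\x02\x01\xc6\x33\x64\x02" + ip_options
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    return ip + tcp
```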