
PMTU

 
Jeff_Traigle
Honored Contributor


Novell hasn't been any help getting an answer to this. Hopefully someone here knows.

By default, PMTU is enabled. In HP-UX, you can disable it with two different strategies... use MTU of 576 or use max MTU of the link for any destination not directly connected to the host. I haven't found anything that describes what disabling PMTU does in Linux. What happens if net.ipv4.ip_no_pmtu_disc is set to 1? Is there only the option to enable/disable without an option of strategy as in HP-UX?

Also, is there an equivalent to tcp_xmit_hiwater_def and tcp_recv_hiwater_def? I haven't seen any parameters that jump out at me as such.
--
Jeff Traigle
Matti_Kurkela
Honored Contributor
Solution

Re: PMTU

If you set net.ipv4.ip_no_pmtu_disc to 1, all Path MTU Discovery is disabled on all interfaces.

If you need a more fine-grained workaround to PMTU problems, you should try MSS clamping. It's a feature of iptables. It takes effect at the TCP level, causing it to never try to send any packets larger than the specified value. This limits the maximum size of the IP packet, so the PMTU problem is never triggered.

For outgoing traffic from the local host:

iptables -t mangle -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

For traffic your machine is forwarding (if you use it as a router):

iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

You can add source/destination IP/port options if you wish to limit the effect to some hosts only.

The above matches the HP-UX strategy of using the MTU of the link. Alternatively, you could replace the --clamp-mss-to-pmtu option with "--set-mss ". This allows things like sending larger-MSS traffic through a link to other destinations, while limiting the MSS when connecting to one particular destination.

(From the iptables man page: "This target is used to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets.")

Alternatively, if you use the more complicated "ip" command to configure your routes instead of the simple "route" command, you can use the "mtu lock " option to prevent Path MTU Discovery for that particular route. This works for all protocols, not only for TCP; but if all you need is TCP connectivity, the iptables solution may be easier to integrate with your distribution's network setup scripts.

For settings functionally equivalent to HP-UX's tcp_xmit_hiwater_def and tcp_recv_hiwater_def, read Documentation/networking/tcp.txt and Documentation/networking/ip-sysctl.txt files in the Linux kernel documentation.

Basically, Linux has a congestion control algorithm that auto-tunes things like this, and kernel versions 2.6.13 and above can have multiple congestion control "plug-ins", so you can choose a more suitable algorithm if the default one does not work for you.

Depending on the chosen algorithm, there may be various parameters you can use to tweak the algorithm if necessary.

MK
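What MSS clamping does to a SYN at the TCP level, as an added Python example that is not part of the original thread and is not iptables' own code: it walks the TCP options, finds the MSS option, and lowers it to path MTU minus 40 (IPv4) without ever raising it. The function names and the sample SYN are constructed for illustration, and the TCP checksum is deliberately left unchanged.

```python
import struct

IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def find_mss_option(tcp: bytes):
    """Return (offset, mss) of the MSS option in a TCP header, or None."""
    header_len = (tcp[12] >> 4) * 4           # data offset counts 32-bit words
    if header_len < 20 or header_len > len(tcp):
        raise ValueError("truncated or malformed TCP header")
    i = 20
    while i < header_len:
        kind = tcp[i]
        if kind == 0:                         # End of Option List
            break
        if kind == 1:                         # NOP is a single byte, no length
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option length byte missing")
        length = tcp[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        if kind == 2 and length == 4:         # Maximum Segment Size
            return i, struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return None

def clamp_mss(tcp: bytes, path_mtu: int) -> bytes:
    """Lower the MSS in a SYN to path_mtu - 40; never raise it."""
    if not tcp[13] & 0x02:                    # MSS is only negotiated in SYNs
        return tcp
    found = find_mss_option(tcp)
    if found is None:
        return tcp
    offset, mss = found
    limit = path_mtu - IPV4_TCP_OVERHEAD
    if mss <= limit:                          # already small enough
        return tcp
    out = bytearray(tcp)
    struct.pack_into("!H", out, offset + 2, limit)
    # Assumption: checksum (bytes 16-17) is not recomputed in this example.
    return bytes(out)

# Constructed sample SYN: options are NOP, WScale 7, MSS 1460, SACK-permitted, NOP, NOP
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 8 << 4, 0x02, 64240, 0, 0) + bytes(
    [1, 3, 3, 7, 2, 4, 0x05, 0xB4, 4, 2, 1, 1])

if __name__ == "__main__":
    print(find_mss_option(SAMPLE_SYN), find_mss_option(clamp_mss(SAMPLE_SYN, 1400)))
```

With a 1400-byte path MTU the advertised MSS drops from 1460 to 1360, so the peer never builds a segment that would need an ICMP Fragmentation Needed message to get through.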