[Talk] finding the mtu for a particular site

Nick Simicich talk@flux.org
Sun, 13 Aug 2006 23:40:52 -0400 

On Fri, 2006-08-11 at 12:47, Terry Richards wrote:

Out of interest, because I had never heard of it before, I did a google
on "clamp mss to pmtu".  I found this site,
http://iptables-tutorial.frozentux.net/chunkyhtml/x4700.html which
suggests a different way of using changing MSS, either 

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss 1460

or 

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --clamp-mss-to-pmtu

Putting this in mangle/postrouting is probably better than putting it in
FORWARD since this will affect all packets exiting the system including
the ones originating on the machine, if I understand the tables that
iptables uses.

In the bad old days, it was common for machines to have two MTU settings
- one for the local  net which might be set as high as 3000 for 16
megabit token ring, and another for those packets which were going to be
routed. That setting was commonly 512. It turned out that NFS performed
so badly that it was better to allow it to fragment packets and so
people would set their NFS buffer size to 8192 knowing that the packets
would be fragmented and possibly refragmented - but performance
measurements still said that the fewest trips through NFS the best.

> If you experience odd errors (such as not being some webpages while 
> others load fine), you may be having Path MTU Discovery trouble. The 
> quick way to test is to run this iptables command:
> 
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> 
> This will affect all new connections, so just refresh the website you're 
> having problems with in order to test. In case it helps, the standard 
> MTU value for 100mbit ethernet connections is 1500 while for PPPoE 
> connections it is 1492. For more info, you should read Chapter 15 of the 
> Linux Advanced Routing & Traffic Control HOWTO <http://lartc.org/howto/>.
> 
> /|\
> 
> _______________________________________________
> Talk mailing list
> Talk@flux.org
> http://www.flux.org/mailman/listinfo/talk
-- 
Blog: http://majordomo.squawk.com/njs/blog/blogger.html
Atom: http://majordomo.squawk.com/njs/blog/atom.xml
RSS: http://majordomo.squawk.com/njs/blog/atom.rdf