Re: Problem of blocking ICMP packet while calculating Path MTU

From: David Efflandt (efflandt_at_xnet.com)
Date: 05/08/04 

Date: Sat, 8 May 2004 14:27:28 +0000 (UTC)

On 8 May 2004 05:20:28 -0700, Rajat <myself_rajat@yahoo.com> wrote:
> Dear All,
>
> I am in process of implementing Path MTU detection technique. So for
> that I have to send ICMP ECHO request packets to destination host, and
> process the received ICMP ECHO reply packets.
>
> I read that the ICMP server is embedded in the kernel of OS itself, so
> there is no need to write server code at all. So for sending and
> receiving of ICMP packets we will use raw sockets without specifying
> any port number.
>
> But in between the network, some routers have some firewall
> configuration so that they will simply drop any incomming ICMP packet
> without sending any response to the sender. Hence originating host
> will not be aware of the status of destination host.
> These firewall settings are due to some attacks like Ping of deth,
> Denial of request etc.
>
> Can any one provide me any solution to overcome this problem.

Are you actually establishing a connection, or just probing hosts you do
not control (probably NOT a good idea)?

I am no expert no tcp details. But if you establish an accepted valid
connection, I would think both ends would be aware of the other's MSS (40
bytes less than MTU). However, even that can be problematic if not
directly connected (destination behind NAT router).

When I sent test mail to smtp server behind adsl hardware router (with WAN
ping disabled) at home, it worked when mail was smaller than packet size.
But mail with attachment from work (DS-3 connection) to home (PPPoE) kept
doing "timeout during data transfer" (both ends mtu 1500, but fragmented
packets through mtu 1492 PPPoE were not accepted by Linux). As soon as I
set smtp server LAN nic to mtu 1492, it appropriately adjusted MSS so
client knew proper mtu to get through PPPoE, and the mail arrived.

So if a server is properly configured, it can work with a smaller than
default MTU even if PMTU discovery is blocked. 

-- 
David Efflandt - All spam ignored  http://www.de-srv.com/

Relevant Pages

  • Re: SBS 2003 Setup recommendation
    ... Your suggestion about MTU looks very interesting. ... We want something lige the following setup: http://pings.dk/sbssetup.gif ... agaist SBS2003 server. ... IPSec adds a small overhead the size of a packet which would make packets ...
    (microsoft.public.windows.server.sbs)
  • Re: 64K limit for socket send
    ... 150 MTU, isn't it better for the server to send 1500 size packets ... arrive at the receiver for the datagram to be reassembled. ...
    (comp.os.vms)
  • Understanding path MTU discovery
    ... As far as I can tell from my reading, if a computer on the internet accesses our web server, but the reply from the server is too big (for example, the client computer is using a PPPoE link with an MTU of 1492), the client's ISP's gateway router will send an ICMP package back to our router. ... I understand that I could mark incoming packets from clients so that replies are sent out through the same interface they came in, but I would prefer to balance the output packets. ...
    (comp.os.linux.networking)
  • Re: 64K limit for socket send
    ... If I have a 1500 MTU (server side) and some remote dialup user has 150 ... isn't it better for the server to send 1500 size packets and let ...
    (comp.os.vms)
  • Re: 64K limit for socket send
    ... If I have a 1500 MTU (server side) and some remote dialup user has 150 ... isn't it better for the server to send 1500 size packets and let ... the last-hop router will be forbidden to fragment it. ...
    (comp.os.vms)