Understanding path MTU discovery



Can someone confirm or correct my understanding of path MTU discovery regarding packets passing through a Linux router/firewall to a server on a DMZ? As far as I can tell from my reading, if a computer on the internet accesses our web server, but the reply from the server is too big (for example, the client computer is using a PPPoE link with an MTU of 1492), the client's ISP's gateway router will send an ICMP packet back to our router. The router will see this as a "related" packet, and pass it on to the web server in the DMZ, and the web server will use the smaller packet size for the rest of the connection.

Will the web server machine remember that lower MTU as being connected to the client's IP address, so that future connections by the client will avoid the overhead of the path MTU discovery, or will the discovery be needed for each new connection? I presume the lower MTU will not be needed for connections to/from other IP addresses.

What will happen if our router has more than one route back to the client (i.e., two DSL links)? I understand that I could mark incoming packets from clients so that replies are sent out through the same interface they came in, but I would prefer to balance the output packets (downstream ADSL has more than enough bandwidth for web server requests, but it would be best to take advantage of two upstream links for replies). Suppose the client's original request comes in via eth0, gets passed on to the server on eth2, and the reply happens to go out on eth1 via the other ADSL line. The ICMP packet complaining about the MTU size is going to be sent back to the eth1 address - will that still count as "related" and therefore be passed on to the web server?

Thanks,

David
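
An added example, not part of the original post: a parser for the ICMP "fragmentation needed" message the question describes (type 3, code 4, RFC 1191), showing the next-hop MTU it carries and the embedded copy of the oversized packet's header, which is what a stateful firewall has available to tie the error to a tracked connection. The addresses, ports, the `is_related` helper and the sample packet are constructed for illustration; `is_related` is a simplified model, not netfilter's code, and assumes no NAT between server and client.

```python
import socket
import struct

def parse_frag_needed(icmp: bytes) -> dict:
    """Parse ICMP type 3 / code 4 (RFC 1191). Checksums are not verified here."""
    if len(icmp) < 8 + 20 + 4:
        raise ValueError("too short for ICMP header plus embedded IP header")
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not a fragmentation-needed message")
    inner = icmp[8:]                          # start of the packet that was too big
    if inner[0] >> 4 != 4:
        raise ValueError("embedded packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4               # embedded IP header length in bytes
    if ihl < 20 or len(inner) < ihl + 4:
        raise ValueError("embedded IP header truncated")
    total_len, _ident, frag = struct.unpack("!HHH", inner[2:8])
    proto = inner[9]
    if proto not in (6, 17):
        raise ValueError("ports are only parsed for TCP and UDP")
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"next_hop_mtu": next_hop_mtu, "orig_len": total_len,
            "df": bool(frag & 0x4000), "flow": (proto, src, sport, dst, dport)}

def is_related(msg: dict, tracked: set) -> bool:
    """Simplified model: the error is related if the embedded flow,
    in either direction, is a connection the firewall already tracks."""
    proto, src, sport, dst, dport = msg["flow"]
    return msg["flow"] in tracked or (proto, dst, dport, src, sport) in tracked

def build_sample() -> bytes:
    """Constructed sample: a 1500-byte reply with DF set from server 192.0.2.10:80
    to client 198.51.100.25:51000, rejected by a hop whose MTU is 1492."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.25"))
    tcp8 = struct.pack("!HHI", 80, 51000, 1)  # first 8 bytes of the TCP header
    return struct.pack("!BBHHH", 3, 4, 0, 0, 1492) + ip + tcp8

if __name__ == "__main__":
    # Connection as first seen by the firewall: client -> server
    tracked = {(6, "198.51.100.25", 51000, "192.0.2.10", 80)}
    msg = parse_frag_needed(build_sample())
    print(msg, "related:", is_related(msg, tracked))
```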