[Dnsmasq-discuss] using DHCP to set clients' MTU
Adam Hardy
adam.ant at cyberspaceroad.com
Thu Sep 11 23:58:22 BST 2008
Jan 'RedBully' Seiffert on 11/09/08 21:17, wrote:
> Adam Hardy wrote:
>> Steven Jan Springl on 11/09/08 15:20, wrote:
>>> On Thursday 11 September 2008 14:08, Adam Hardy wrote:
>>>> searched the archives and the net and was surprised not to see any hits
>>>> for MTU except its generic appearance in log statements.
>>>>
>>>> I had to change my MTU on my workstations to1430 to get SMTP and some
>>>> websites to work (e.g. paypal).
>>>>
>>>> Can I tell dnsmasq to send the MTU setting with the DHCP information?
>>>>
>>>> My attempts to hack it into the config haven't worked.
>>>
>>> I use the following statement to set the mtu size to 1492 for clients
>>> connected to eth0:
>>>
>>> dhcp-option=eth0,26,1492
>>
>> Steve, thanks for the info!
>>
>> For anyone else looking at this in future, there's a good doc here:
>>
>> http://www.faqs.org/rfcs/rfc2132.html
>
> Hmmm, a mtu of 1430 looks a bit strange, but propably depends on your link.
> Some kind of VPN or PPPoA on your side? Or are you saying paypal has some
> kind of Tunnel/Route/Whatever which limits THEIR mtu?
>
> In an ideal World you would not need to fiddle with your mtu, because a thing
> called "path mtu discovery" should catch this. Your kernel sends packets
> with the "Don't Fragment"-Bit (DF) set, and every router on the way to the
> target should sent you a packet back when your packet is to big, so your
> kernel can lower the pmtu, till it fits. Unfortunatly, this does not always
> work, either because the setup is so complex (vpn over a tunnel over
> dailup...) that errors are not properly propagated, or, and this is more
> anoing, because some Admins block ICMP, which is needed for this to work. In
> their view ICMP is "evil" and a 1337 H4x0r protocol, neglegting that it is a
> needed part for {TCP|UDP}/IP to work. A big german freemail provider was
> notoriously known for this braindamage for years.
>
> But before you lower your clients mtu, do you know where the mtu bottleneck
> is and/or is your router by chance a Linux box? (such things can shurely also
> be done with other gear, but i don't know how)
>
> Because there are two other and maybe more interresting solutions:
>
> 1) Linux knows an iptables target named TCPMSS. It adjusts the tcp mss, so it
> won't help you on UDP, but "fixes" the most commen case, that tcp connection
> hang. But only if your router sees the mtu bottleneck (PPPoE or something
> similar). Look at your iptables man-page, it comes with an example command.
> Most SOHO-router-in-a-box implement this, maybe it it switched off? This also
> fixes problems with other sites, until their pmtu is lower than yours and
> they do the braindamaged stuff...
>
> 2) You can try setting the pmtu early (so icmp messages reach the client) by
> setting up a route with the right mtu on your router. Hmmm, you can even set
> it on the clients. Example:
Hi Jan,
I really appreciate the feedback - although I think your option (2) is slightly
beyond what I want to get into for the sake of network admin here! I must admit
that I set up the iptables firewall on my gateway machine, and I need to look at
it to check whether I inadvertantly blocked this ICMP business.
The gateway has a NIC connected to a DSL modem and that has no firewall, it's
just my machine and BT on the other side.
I had problems with SMTP and a new hosting service - a solar powered hosting
service provider actually :) - and the man said I should try lowering my MTU. I
looked into the situation a little and set my workstation MTU to 1458, an
apparently well-used value for it. I had no joy with the SMTP still, so I
lowered my gateway's MTU to 1458 and my workstation to 1430, which was a value I
chose. Hence the 'oddness' of it.
Regards
Adam
More information about the Dnsmasq-discuss
mailing list