[Dnsmasq-discuss] using DHCP to set clients' MTU
adam.ant at cyberspaceroad.com
Mon Sep 15 11:28:42 BST 2008
Jan 'RedBully' Seiffert on 12/09/08 12:53, wrote:
> Adam Hardy wrote:
>> Jan 'RedBully' Seiffert on 11/09/08 21:17, wrote:
>>> Hmmm, a mtu of 1430 looks a bit strange, but propably depends on your
>>> link. Some kind of VPN or PPPoA on your side? Or are you saying paypal
>>> has some kind of Tunnel/Route/Whatever which limits THEIR mtu?
> Oh, initially i wasn't even talking about you, but problems on the remote end
> where you have no control how they configure their stuff. Then you are forced
> to employ ugly workarounds on your side. If you check your firewall rules,
> make sure there is a path for icmp-fragmentation-needed packets. (iptables
> <right table> -p icmp --icmp-type fragmentation-needed -j ACCEPT)
OK, I'll go with that, but I'm trying to work out logically if I have blocked
it. What state are the ICMP fragmentation-needed packets returned? Surely they
are RELATED or ESTABLISHED? In that case, I am not blocking them. I only block
INVALID and NEW for most ports.
> I read a little on BT, seems they use PPPoA, and this is terminated on the
> modem... Hmmm, ATM equipment for PCs is rare, so your router has normal
> ethernet to the modem and "sees" an mtu of 1500, while the true mtu is hidden
> in the modem. And i thought one of the benefits of pppoa was, that the mtu is
> kept at 1500. Any chance your new hosting service has a funny uplink? (should
> not, a big site should have a "real" connection and not a dsl line...) /me is
> tottaly confused Gnarf, seems this is even a bigger PITA than PPPoE ...
> Searching for the right mtu turned up a lot of values, does someone know the
> true mtu of a BT PPPoA link? (note: first and foremost you better find the
> real mtu of the link, to get a grip on the problem, then one can think about
> adjusting/tuning it to better match the ATM-part of the connection)
> The modem faced interface of your router needs the MTU set to the true value.
> This way your router should not send packets to big (or fragment them), your
> clients should get an fragmentation-needed when they try to.
Using http://www.dslreports.com/tweaks I see that my network is unpingable under
the 'ICMP (ping) check' result. That looks bad in view of the above.
But it also tells me:
Max packet sent (MTU): 1488
Max packet recd (MTU): 1418
Retransmitted packets: 4
sacks you sent: 2
so I guess that 1488 is what I should set my ADSL modem to?
> Since you are talking about SMTP, so you had problems sending large packets?
> Then the problem can be on your side, according to my crystal ball ^^. But
> can be also on the remote side... It's important which packet choked, your
> outgoing packet or the incoming packet not coming through to you. Are you
> sure this is a "true" modem and not also a little router, do you have a
> non-private ip-address on your router? Maybe its also twiddling some
> values... Maybe you should go back to sqare one, set everything back to 1500
> and then use tcpdump to see where your packets vanish, or how big they are
> with other known to work sites.
Maybe later if there's no joy with the latest stuff I've learnt about....
> something with 145[0-9] from what i read. Or is BT adding another
> encapsulation like L2TP?
I searched the most useful UK broadband users forum for L2TP and only saw
references to it in connection with resellers or wholesale. It doesn't look like
something that BT are using on my (& other retail customers') connection.
More information about the Dnsmasq-discuss