can ayone please tell me, why sometimes when tunneling or any other sort of encapsulation is performed along the network path from A to B, it is necessary to lower the MTU / MSS value on a router ?
Why is Packetization Layer Path MTU Discovery (PLPMTUD) no enough to sort the MTU issue out. As per RFC 4821
"Packetization Layer Path MTU Discovery (PLPMTUD) is a method for TCP or other Packetization Protocols to dynamically discover the MTU of a path by probing with progressively larger packets. It is most efficient when used in conjunction with the ICMP-based Path MTU Discovery mechanism as specified in RFC 1191 and RFC 1981, but resolves many of the robustness problems of the classical techniques since it does not depend on the delivery of ICMP messages.
The general strategy is for the Packetization Layer to find an appropriate Path MTU by probing the path with progressively larger packets. If a probe packet is successfully delivered, then the effective Path MTU is raised to the probe size."
Also I created a small lab with two VM's and VyOS as router between and configured the MTU on both interfaces to 1500 and 700 respectively. I was not able to capture any ICMP messages as per RFC 1191
" The basic idea is that a source host initially assumes that the PMTU of a path is the (known) MTU of its first hop, and sends all datagrams on that path with the DF bit set. If any of the datagrams are too large to be forwarded without fragmentation by some router along the path, that router will discard them and return ICMP Destination Unreachable messages with a code meaning "fragmentation needed and DF set" . Upon receipt of such a message (henceforth called a "Datagram Too Big" message), the source host reduces its assumed PMTU for the path."
But when using mturoute toll i can clearly see that it sends packages with different payload to determine the PMTU!
Please help my with this issue.
asked 19 Nov '15, 08:21
Because broken systems, and over-zealous admins, either fail to generate the ICMP fragmentation needed message, or block them entirely.
answered 19 Nov '15, 09:17