Subject: Re: Networking question MTU on non-local nets
To: Donald Lee <MacPPC@caution.icompute.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-macppc
Date: 06/14/2003 15:49:02

On Fri, Jun 13, 2003 at 11:15:43PM -0500, Donald Lee wrote:
> Dear list,
> 
> My production machine - running NetBSD 1.5.2 - also runs apache and
> serves a few dozen web sites.
> 
> It has come to my attention recently that a very few people cannot
> get to any of the sites on this server.  Tracking this down, I have
> found that the server is sending out packets that are too large.
> The MTU in use when serving up data is in the 1400+ range, and with
> network paths that only allow smaller MTUs, this does not work because
> the endpoints do not handle fragments very well (at all).
> 
> The plot thickens...
> 
> I also have another machine on the same ethernet switch that works fine
> with these same people who cannot get to the main web server.  Tcpdump
> tells me that the packets being served from this NetBSD machine are
> 512 bytes max.
> 
> My question:
> 
> My reading of the RFCs and of Richard Stevens tells me that the packets
> destined for the "nonlocal" network should default to a max MTU of 512 (536).
> 1.6.1 seems to do this, but 1.5.2 does not.
> 
> Can anyone tell me if this is a bug, or something I need to do something
> about?  Is there a sysctl setting I can set to make this work "correctly"?

I think it is something that got added between 1.5 and 1.6.

> 
> I have also learned that MTU path discovery is an option, but this is not
> on by default, and I am a little afraid of it.  Are there any good reasons
> not to enable this on a web server - a fairly busy one?

I have it enabled on all my servers, and I didn't notice problems.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 years of experience will always make the difference