Subject: bad MTU disc + ipnat interaction
To: None <tech-net@netbsd.org>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 06/02/1999 15:34:31

Hi,
today I found a strange behavior of a NAT host. Here is my setup:

armandeche-gw <-------------------------> antifer <------> internet
            tun0                    tun0         vr0
            10.0.0.1            10.0.0.2         132.227.72.132
            mtu 1400            mtu 1400         mtu 1500

antifer is doing NAT for armandeche:
map vr0 10.0.0.1/32 -> 132.227.72.132/32 proxy port ftp ftp/tcp
map vr0 10.0.0.1/32 -> 132.227.72.132/32 portmap tcp/udp 40000:60000
map vr0 10.0.0.1/32 -> 132.227.72.132/32 

While running a 'cvs update' against cvs.netbsd.org, the connection reliably
times out in the middle of the file transfer. I think this is because
cvs.netbsd.org is doing PMTU discovery, but fails to get back the ICMP message
for too big packets. A tcpdump shows:

11:10:53.222456 0:80:5f:a7:97:dc 0:80:c8:d4:bf:6b ip 1514: nb00.nas.nasa.gov.ssh > antifer.ipv6.lip6.fr.40040: . 21:1469(1448) ack 159148 win 17520 <nop,nop,timestamp 12490102 824941> (DF) [tos 0x10]
11:10:53.222520 0:80:c8:d4:bf:6b 0:80:5f:a7:97:dc ip 70: antifer.ipv6.lip6.fr > nb00.nas.nasa.gov: icmp: armandeche-gw unreachable - need to frag (mtu 1400)
11:11:57.218466 0:80:5f:a7:97:dc 0:80:c8:d4:bf:6b ip 1514: nb00.nas.nasa.gov.ssh > antifer.ipv6.lip6.fr.40040: . 21:1469(1448) ack 159148 win 17520 <nop,nop,timestamp 12490230 824941> (DF) [tos 0x10]
11:11:57.218525 0:80:c8:d4:bf:6b 0:80:5f:a7:97:dc ip 70: antifer.ipv6.lip6.fr > nb00.nas.nasa.gov: icmp: armandeche-gw unreachable - need to frag (mtu 1400)
11:13:01.221698 0:80:5f:a7:97:dc 0:80:c8:d4:bf:6b ip 1514: nb00.nas.nasa.gov.ssh > antifer.ipv6.lip6.fr.40040: . 21:1469(1448) ack 159148 win 17520 <nop,nop,timestamp 12490358 824941> (DF) [tos 0x10]
11:13:01.221774 0:80:c8:d4:bf:6b 0:80:5f:a7:97:dc ip 70: antifer.ipv6.lip6.fr > nb00.nas.nasa.gov: icmp: armandeche-gw unreachable - need to frag (mtu 1400)
11:14:05.210759 0:80:5f:a7:97:dc 0:80:c8:d4:bf:6b ip 1514: nb00.nas.nasa.gov.ssh > antifer.ipv6.lip6.fr.40040: . 21:1469(1448) ack 159148 win 17520 <nop,nop,timestamp 12490486 824941> (DF) [tos 0x10]
11:14:05.210830 0:80:c8:d4:bf:6b 0:80:5f:a7:97:dc ip 70: antifer.ipv6.lip6.fr > nb00.nas.nasa.gov: icmp: armandeche-gw unreachable - need to frag (mtu 1400)

nb00.nas.nasa.gov doesn't reduce the size of packets sent.
Shouldn't antifer answer with 'antifer unreachable' instead of
'armandeche-gw' unreachable for this to work?

I guess PMTU discovery properly works on nb00.nas.nasa.gov, otherwise I guess
some developers would already have got some problems :)

Comments? Is there a simple way to solve this in ipnat?

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
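
Added example, not part of the original message and not ipnat code: tcpdump names the destination of the IP header quoted inside an ICMP error, so "armandeche-gw unreachable" means the quote carries the translated address 10.0.0.1. The sketch shows a sender that matches the quoted flow against its connections dropping that error, and accepting it once the NAT box reverses the translation inside the quote. The sender address 192.0.2.10, the inside port 1022 and all function names are assumptions; checksums are left at zero.

```python
import socket
import struct

SENDER = "192.0.2.10"               # constructed stand-in for nb00.nas.nasa.gov
PUBLIC = ("132.227.72.132", 40040)  # antifer vr0 address and mapped port (from the capture)
INSIDE = ("10.0.0.1", 1022)         # armandeche-gw; the inside port is constructed

def quote(src, dst, sport, dport):
    """IPv4 header (DF set) plus the first 8 TCP bytes, as quoted in an ICMP error."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 1500, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHI", sport, dport, 21)

def need_frag(mtu, quoted):
    """ICMP type 3 code 4 with the RFC 1191 next-hop MTU field (checksum left 0)."""
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted

def quoted_flow(icmp):
    """(src, sport, dst, dport) of the datagram quoted after the 8-byte ICMP header."""
    q = icmp[8:]
    ihl = (q[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", q[ihl:ihl + 4])
    return (socket.inet_ntoa(q[12:16]), sport, socket.inet_ntoa(q[16:20]), dport)

def sender_pmtu_update(icmp, connections):
    """Sender side: accept the new MTU only if the quoted flow is a known connection."""
    typ, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (typ, code) != (3, 4) or len(icmp) < 8 + 20 + 8:
        return None
    flow = quoted_flow(icmp)
    return (flow, mtu) if flow in connections else None

def nat_fix_quote(icmp, inside, public):
    """NAT side: reverse the translation inside the quote before the error leaves vr0."""
    _, _, dst, dport = quoted_flow(icmp)
    if (dst, dport) != inside:
        return icmp
    buf = bytearray(icmp)
    ihl = (buf[8] & 0x0F) * 4
    buf[24:28] = socket.inet_aton(public[0])                        # quoted IP destination
    buf[8 + ihl + 2:8 + ihl + 4] = struct.pack("!H", public[1])     # quoted TCP dest port
    return bytes(buf)

CONNS = {(SENDER, 22, PUBLIC[0], PUBLIC[1])}   # the sender only knows the public mapping
AS_SEEN = need_frag(1400, quote(SENDER, INSIDE[0], 22, INSIDE[1]))
FIXED = nat_fix_quote(AS_SEEN, INSIDE, PUBLIC)

if __name__ == "__main__":
    print("as captured:", sender_pmtu_update(AS_SEEN, CONNS))
    print("quote fixed:", sender_pmtu_update(FIXED, CONNS))
```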