Subject: Re: This PMTU thread
To: None <tech-net@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-net
Date: 11/23/1998 02:08:42
[ On Sun, November 22, 1998 at 16:09:59 (-0500), Charles M. Hannum wrote: ]
> Subject: This PMTU thread
>
> 2) Fragmenting packets with the `don't fragment' bit set explicitly
>    violates the IP spec.  This is not a reasonable solution.
> 
> Rather than breaking the protocol, perhaps we should be concluding
> that this is just another aspect of the shoddy service we get from the
> InterNIC.

Agreed, mostly, which is why I only wanted to do so after it was obvious
that the ICMP reply sent by the router didn't make it to the intended
recipient.  To re-state my proposal as I'm thinking about it now:

I think it should be trivial for a router to recognize this situation by
keeping a short circular queue of records containing information about
hosts which were sent an ICMP "needs frag" bit and when "enough" ICMP
replies have been sent to a listed host, and that host is still sending
packets too big then this record would be moved to a second fixed length
table.  Any large packets with the DF bit set which arrive from a host
listed in the second table should have their DF bit turned off and the
packet will then be fragmented and forwarded as necessary.  If the
second table fills up then the least recently used entry is reused.
Some kind of logging should be done to warn the administrator if the
tables seem too small to handle the load reliably.

This *is* a hack, but it's only necessary on routers that regularly have
interfaces with smaller than normal MTUs (e.g. PPP gateways), and at
least in my experience it'll only ever have to handle a very few hosts
simultaneously (perhaps a few dozen per small-MTU interface).  This hack
*will* help make PMTU-D more robust, and it will do so in far more
situations than any other "fix" proposed so far could ever do.

(From what I've been reading I can't see that the DF bit is something
critical to the correct functioning of the protocol -- it's really only
an internal feature [apps cannot use it], and I've yet to see how and
why turning off the DF bit when necessary will actually break anything.
If nothing gets broken then I don't give a hoot about the "spec"!)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
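
The two-table bookkeeping proposed in the message above, sketched as an added example; it is not code from the message or from NetBSD. The names `df_oversize` and `clr_evictions`, the table sizes and the threshold of 3 are assumptions, and the caller is assumed to send the ICMP or to clear DF and fragment according to the return value.

```c
#include <stddef.h>
#include <stdint.h>

/* Sizes and threshold are assumptions; the post says only "short",
 * "fixed length" and "enough". */
#define NPEND  8   /* circular queue: hosts sent ICMP "needs frag" */
#define NCLEAR 4   /* second table: hosts whose DF bit is turned off */
#define ENOUGH 3   /* ICMP replies sent before giving up on a host */

enum df_action { SEND_ICMP, CLEAR_DF };
struct rec { uint32_t src; unsigned n; uint64_t used; int live; };
static struct rec pend[NPEND], clr[NCLEAR];
static unsigned pend_next;   /* next circular-queue slot to overwrite */
static uint64_t tick;        /* logical clock for LRU ordering */
unsigned clr_evictions;      /* growing count: log that NCLEAR is too small */

/* Call for each too-big packet with DF set that arrives from src. */
enum df_action df_oversize(uint32_t src)
{
    struct rec *p = NULL, *lru = &clr[0];
    unsigned i;
    tick++;
    for (i = 0; i < NCLEAR; i++) {
        if (clr[i].live && clr[i].src == src) {
            clr[i].used = tick;          /* known offender: refresh LRU */
            return CLEAR_DF;
        }
        if (!clr[i].live || (lru->live && clr[i].used < lru->used))
            lru = &clr[i];               /* free slot, else oldest entry */
    }
    for (i = 0; i < NPEND; i++)
        if (pend[i].live && pend[i].src == src)
            p = &pend[i];
    if (p == NULL) {                     /* new host: take next queue slot */
        p = &pend[pend_next];
        pend_next = (pend_next + 1) % NPEND;
        p->src = src; p->n = 0; p->live = 1;
    }
    if (p->n < ENOUGH) {                 /* sender may still hear the ICMP */
        p->n++;
        return SEND_ICMP;
    }
    if (lru->live)
        clr_evictions++;                 /* second table full: reuse LRU */
    *lru = *p;                           /* move record to second table */
    lru->used = tick;
    p->live = 0;
    return CLEAR_DF;
}
```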