[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DF bit - Dont Fragment

On June 21, 2004 09:50 am, Andrew Miehs wrote:

> tried that... But that seemed just to disable PMTU Discovery, and not
> disbale the 'DF' bit... (After the traffic between myself and the server
> via a CIPE tunnel stopped working when the packets got tooo large)
> - Or is there a bug in packet fragmentation in the linux kernel?

Hmmm, I did try it hear and my outgoing packets lacked the DF bit as soon as I 
made that change.  Replies are up to the other side of the connection so they 
may or may not set DF as far as I can tell.

If large packets are being blocked then there is definitely a bug, whether 
it's in the Linux kernel (doubtful), cipe, your firewall (?) or in an 
upstream router is impossible for me to tell.

My bet would be that someone is blocking icmp messages (you, your firewall, 
your ISP?).  There's a really good explanation of PMTU at 
http://www.netheaven.com/pmtu.html that should explain all that for you.

As someone else suggested you can lower the MTU and probably get around the 
problem but it would be better to try and figure out which router is blocking 
your PMTU attempts ... play with the -M option to ping (at least in 
iputils-ping from testing).

Of course I've never used CIPE so I may be totally off base.
Fraser Campbell <fraser@wehave.net>                 http://www.wehave.net/
Georgetown, Ontario, Canada                               Debian GNU/Linux

Reply to: