Re: pmtu blackhole discovery

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> Try to formulate an good algorithm for it and you'll see. When do you want to 

Yeah, there isn't a perfect way to go about it.  The informational RFC
that suggests blackhole discovery doesn't even make useful suggestions
about how it's properly done.

> In practice everybody seems to just rewrite MSS options instead. 

Alright,  here's my situation:

I have a large network of mostly-Apache servers to millions of clients
worldwide, mostly running Windows.  I am finding that I have
blackhole-related issues some of these clients.

Microsoft has a workaround that works in at least SOME cases: on the
last retransmit, unset DF and use an MTU of 576.  Though it's a hack
it *does* mean a fair number of those clients are able to reach me
through broken networks, but I can't talk back -- I get a GET and
sending the data back fails.

Since there are potentially thousands of networks involved, I can't
exactly just call every network administrator involved and suggest
they stop blocking icmp or upgrade their broken routers.  USing MSS
clamping would be pretty suboptimal -- the problem isn't my direct
uplink, it's some number of broken transit nets between me and some
number of clients, and for all the rest of my clients I *want* to use
pmtu discovery.  Financially speaking, I can't give up on those users,
because every one I don't talk to is money I don't make.

I'm not saying that blackhole discovery should be on by default, or
that it shouldn't be surrounded by flashing red neon signs warning the
user it's a terrible hack, but it seems like there must be a lot of
major networks running Linux servers that could use this feature.

It looks like the only option I've got is to switch to Windows servers
if I want to talk to these users ... or to implement it myself.  That
said, I'm digging 'round in the code trying to figure out how to do it
-- if anybody has suggestions, I'd love to hear them.

-- 
					thanks,
		
					Will
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux