I got a little bit interested in this, so below are a few pointers
to how to continue with investigation.
On Wed, 30 Jul 2008, j t wrote:
Here are the results of the 2 boundary-case pings:
$ ping -s 1472 -M do ocp.com.com
PING c18-ad-xw-lb.cnet.com (216.239.122.193) 1472(1500) bytes of data.
64 bytes from c18-ad-xw-lb.cnet.com (216.239.122.193): icmp_seq=1
ttl=241 (truncated)
Truncated means that you got less data than you expected. Here you're
requesting 1472B but you're only getting 56+8B.
You should try to figure out where this is disappearing. Can you do a
ping -s 1472 without "truncated" with other sites internet? This will
give you clues whether the issue is at your end or the destination
network end.
My suspicion is that the load-balancer at ocp.com.com has interesting
ICMP implementation that even if you ping it with big packets, it
replies with small packets, and you can't figure out MTU issues like
this.
$ ping -s 1473 -M do ocp.com.com
PING c18-ad-xw-lb.cnet.com (216.239.122.193) 1473(1501) bytes of data.
From t60jt (192.168.0.3) icmp_seq=1 Frag needed and DF set (mtu = 1500)
From t60jt (192.168.0.3) icmp_seq=1 Frag needed and DF set (mtu = 1500)
From t60jt (192.168.0.3) icmp_seq=1 Frag needed and DF set (mtu = 1500)
From t60jt (192.168.0.3) icmp_seq=1 Frag needed and DF set (mtu = 1500)
If I am correct, success with "-s 1472" means that an mtu of 1500
should work (i.e. lowering the mtu down to 1499 should not be
necessary). Consequently, I don't want to drop the mtu down to 1499 if
that will simply mask/cover a bigger problem.
Note that you're getting this ICMP message apparently from a local
network and it doesn't prove much in and of itself.
As for your questions:
a) Dropping the mtu down to 1499 doesn't tell me why wget works under
windows (without the need to drop the mtu).
b) Dropping the mtu down to 1499 doesn't tell me why wget (under
linux) works if I force my router to grab a public-facing ip address
in the range 93.96.x.x.
c) Dropping the mtu down to 1499 doesn't agree with/explain the
results of the ping testing, which follows...
If you want to figure this out, I think you'll need to run tcpdump on
the host (both windows and linux) and compare the TCP streams as they
seem to you. Specifically I'd look for the MSS negotiated size,
whether one uses fragments and one doesn't, and used TCP options.
(Even better would be doing a few tests to another host in internet,
which is also running tcpdump. This would show if your ISP is
modifying any packets.)
As for IP address differences, 93/8 was allocated by IANA in 2007/03,
78/8 in 2006/08; with more recent IP address blocks, it's common that
some misguided sites and ISPs filter these in their "bogon" filters.
Maybe with one prefix a router in that prefix sends an ICMP packet too
big message but it is discarded by filters.
The inconclusiveness of ping testing was shown above.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
