On Mon, 4 Aug 2008, j t wrote:
For each of these hosts (ocp.com.com, www.google.com & www.cnet.com),
I can ping them with sizes up to 1472 (and I get truncated results)
but if I increase the packetsize to 1473, I receive no replies at all:
This means that such sites a) reply with smaller packets, and b)
probably don't like fragmented packets (which you have to send if you
increase the packet sizes above 1500).
In the other group are hosts such as slashdot.org, www.debian.org,
www.redhat.com. I can ping these guys with packetsizes of 2000 bytes
with no truncation:
Note that you don't force DF-bit on, so you're sending fragmented
packets to the destination. This doesn't prove or disprove the amount
of fragmentation happening on the network.
$ ping -s 1473 -M do ocp.com.com
PING c18-ad-xw-lb.cnet.com (216.239.122.193) 1473(1501) bytes of data.
From t60jt (192.168.0.3) icmp_seq=1 Frag needed and DF set (mtu = 1500)
From t60jt (192.168.0.3) icmp_seq=1 Frag needed and DF set (mtu = 1500)
From t60jt (192.168.0.3) icmp_seq=1 Frag needed and DF set (mtu = 1500)
From t60jt (192.168.0.3) icmp_seq=1 Frag needed and DF set (mtu = 1500)
If I am correct, success with "-s 1472" means that an mtu of 1500
should work (i.e. lowering the mtu down to 1499 should not be
necessary). Consequently, I don't want to drop the mtu down to 1499 if
that will simply mask/cover a bigger problem.
Note that you're getting this ICMP message apparently from a local network
and it doesn't prove much in and of itself.
Another quick question: do you say that I'm "getting this ICMP message
apparently from a local network" because it says "From t60jt
(192.168.0.3)" in the lines above? If so, what's the relevance - I
ask, since t60jt is _my_ machine (the box I'm sitting in front of)!
Yes. The only thing it says is that your first-hop MTU is 1500 bytes
(you can see the same thing with 'ifconfig'). So, '-s 1472' is the
maximum you could hope to be able to send to the network unfragmented,
so there is no use in using anything greater than that. But you'll
have to force the DF bit (with -M do) in your tests to see if this is
relevant (you didn't do it with testing above).
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
