Re: MPD and fragmentation
- From: Mihai Tanasescu <mihai@xxxxxxxx>
- Date: Thu, 26 Jul 2007 11:41:56 +0300
Artyom Viklenko wrote:
Mihai Tanasescu wrote:Hello,
With help from another FreeBSD user on this list I was able to set up an MPD pptp server to allow windows machines to connect to it.
Unfortunately now I've stumbled upon some strange behaviors.
First of all I'm getting icmp losses even if I use a test LAN to make a tunnel to the local FBSD machine, but these don't seem to affect my transfer rate when trying to get a large file via HTTP from the same machine.
What bothers me most is that some sites (like msn.com, microsoft.com, etc) don't seem to be loading.
What I first thought about was the mss problem and so I discovered the following:
22:54:36.633254 IP (tos 0x0, ttl 64, id 14254, offset 0, flags [DF], proto: ICMP (1), length: 56) FBSD-IP > 207.68.183.32: ICMP FBSD-IP unreachable - need to frag (mtu 1336), length 36
In my config file I have:
set iface mtu 1500
set link mtu 1440
set iface enable tcpmssfix
My full config is posted here:
http://pastebin.com/m66a3c05f
My system:
FreeBSD 6.1-RELEASE-p17
MPD 4.1
I played a bit with the above mentioned values with no luck unfortunately.
I'm still wondering (don't know if I'm right) if a too large packet comes from 207.68.183.32 why doesn't it get fragmented upon being sent via ng0 -> pptp1 and instead of this happening my machine sends an ICMP unreachable back.
Also I have pf running on that machine with a NAT rule for traffic not destined to the local network (but after several experiments with that nothing changed in regard to the problem I have).
I'm banging my head against the wall as I don't know what else to try anymore.
Can someone help me out ?
If you use PF, try to add rule
scrub in all fragment rassemble no-df
And VERY carefully check your ruleset. May be you block icmp in some place
and PMTU doesn't work.
As as last resort you can add
max-mss <some-size> to scrub rule. <some-size> may be some value in
range of 1300-1460.
Sometimes it helps.
Tried playing with the pf options.
I have removed from mpd the iface mtu option and now I only have set iface mtu 1460.
Still when trying to access www.msn.com (and similar sites) I see with tcpdump:
After lowering the MSS from pf the communication started like this:
11:25:02.980179 IP (tos 0x0, ttl 127, id 31152, offset 0, flags [DF], proto: TCP (6), length: 48) 86.105.56.134.65390 > 207.68.183.32.80: S, cksum 0x977a (correct), 942644994:942644994(0) win 65535 <mss 1300,nop,nop,sackOK>
(the outgoing mss got lowered to 1300)
86.105.56.134 = my test IP address on which I'm NAT-ing packets from ng0 with pf
11:25:03.190826 IP (tos 0x0, ttl 63, id 40014, offset 0, flags [none], proto: TCP (6), length: 44) 207.68.183.32.80 > 86.105.56.134.65390: S, cksum 0x5fb4 (correct), 3691466834:3691466834(0) ack 942644995 win 8190 <mss 1400>
11:25:03.191677 IP (tos 0x0, ttl 127, id 31155, offset 0, flags [DF], proto: TCP (6), length: 40) 86.105.56.134.65390 > 207.68.183.32.80: ., cksum 0x9733 (correct), 1:1(0) ack 1 win 65535
11:25:03.192210 IP (tos 0x0, ttl 127, id 31157, offset 0, flags [DF], proto: TCP (6), length: 804) 86.105.56.134.65390 > 207.68.183.32.80: P 1:765(764) ack 1 win 65535
11:25:03.422363 IP (tos 0x0, ttl 63, id 40290, offset 0, flags [DF], proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: P 1:1401(1400) ack 765 win 8190
11:25:03.422417 IP (tos 0x0, ttl 64, id 58490, offset 0, flags [DF], proto: ICMP (1), length: 56) 86.105.56.134 > 207.68.183.32: ICMP 86.105.56.134 unreachable - need to frag (mtu 1396), length 36
IP (tos 0x0, ttl 63, id 40290, offset 0, flags [DF], proto: TCP (6), length: 1440) 207.68.183.32.80 > 86.105.56.134.65390: [|tcp]
The is the ng0 established MTU:
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1396
inet 192.168.1.129 --> 192.168.1.130 netmask 0xffffffff
I have upgraded MPD to 4.2
pkg_info | grep mpd
mpd-4.2.2 Multi-link PPP daemon based on netgraph(4)
I have disabled windowing:
set pptp disable windowing
I have enabled the multilink for a test:
set bundle enable multilink
The Ethernet interface (rl0 - 86.105.56.134) that is used both as the endpoint for tunnel connections and for NAT for anything not destined to the local net:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
Also I'm upgrading the system today from 6.1 to 6.2.
I tried transferring data inside my net without going through the pf NAT but unfortunately I'm not seeing any problem here that could help me replicate the icmp unreachable need frag mtu 1396 problem.
Have you got any more ideas on what I should try ?
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: MPD and fragmentation
- From: Artyom Viklenko
- Re: MPD and fragmentation
- References:
- MPD and fragmentation
- From: Mihai Tanasescu
- Re: MPD and fragmentation
- From: Artyom Viklenko
- MPD and fragmentation
- Prev by Date: Re: MPD and fragmentation
- Next by Date: Re: MPD and fragmentation
- Previous by thread: Re: MPD and fragmentation
- Next by thread: Re: MPD and fragmentation
- Index(es):
Relevant Pages
|
|
