Please note that about 5% of the machines out there do not understand an
MTU different than 1500, because some firewalls block all ICMP packets
instead of sending back the ICMP packet with the recommended MTU.
I explain further.
You have a client machine A, a router A with MTU 576, another router B,
a firewall B and a web server B with MTU 1500 and MTU discovery.
You request a page from server B; server B sends the packet with more than
576 bytes and the don't fragment flag. Router A drops the packet and sends
an ICMP packet back to server B with the MTU required to pass
router A. Firewall B drops the ICMP packet. Server B does not learn
that its packet never arrived.
The same is true if router A drops the packet and doesn't send an ICMP. We
have a black hole router.
Do not filter all ICMP packets!
In NT you can enable BlackHole router discovery (cf. below).
Cheers.
On 09 Jul 2001 08:49:37 -0700, David LeBlanc wrote:
> ============================================================
> EnablePMTUDiscovery REG_DWORD 0 | 1
>
> Default: 1
>
> Determines whether TCP uses a fixed, default maximum transmission unit (MTU)
> or attempts to detect the actual MTU.
>
> Value  Meaning
> 0      TCP uses an MTU of 576 bytes for all connections to computers
>        outside the local subnet.
> 1      TCP attempts to discover the MTU of the path to a remote host.
>
> By discovering the Path MTU and limiting TCP segments to this size, TCP can
> eliminate fragmentation at routers along the path that connects networks
> with different MTUs. Fragmentation reduces TCP throughput and increases
> network congestion.
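
The failure described in this thread, as an added example that is not part of the original messages: a small Python model of server B sending don't-fragment packets across router A (MTU 576), comparing the case where the ICMP reply gets through with the cases where firewall B filters it or router A stays silent. The class and function names, the retry limits and the simplified black hole fallback to 576 bytes are assumptions, and packet sizes ignore header overhead.

```python
# Added example: toy model of Path MTU discovery on the path in this thread.
# Names, retry limits and the fallback rule are assumptions for illustration;
# sizes are whole-packet sizes and header overhead is ignored.
from dataclasses import dataclass

@dataclass
class Path:
    router_mtu: int = 576              # router A's MTU, from the post
    router_sends_icmp: bool = True     # False models a silent black hole router
    firewall_drops_icmp: bool = False  # True models firewall B filtering all ICMP

    def forward(self, size):
        """Carry one DF-flagged packet; return (delivered, mtu_reported_to_server)."""
        if size <= self.router_mtu:
            return True, None
        # Too big and DF is set: router A drops the packet.
        if self.router_sends_icmp and not self.firewall_drops_icmp:
            return False, self.router_mtu  # ICMP with the required MTU arrives
        return False, None                 # server B hears nothing

def send(path, payload=4000, mtu=1500, blackhole_detect=False,
         max_tries=20, fallback_after=3):
    """Server B sends `payload` bytes; return (bytes_delivered, final_mtu, tries)."""
    sent = tries = silent_losses = 0
    while sent < payload and tries < max_tries:
        tries += 1
        size = min(mtu, payload - sent)
        delivered, reported_mtu = path.forward(size)
        if delivered:
            sent += size
            silent_losses = 0
        elif reported_mtu is not None:
            mtu = reported_mtu             # learn the path MTU from the ICMP reply
        else:
            silent_losses += 1
            if blackhole_detect and silent_losses >= fallback_after:
                mtu, silent_losses = 576, 0  # assumed fallback to 576 bytes
    return sent, mtu, tries

if __name__ == "__main__":
    cases = {
        "ICMP allowed": (Path(), False),
        "firewall B drops ICMP": (Path(firewall_drops_icmp=True), False),
        "silent router A": (Path(router_sends_icmp=False), False),
        "ICMP dropped + black hole detection": (Path(firewall_drops_icmp=True), True),
    }
    for name, (path, detect) in cases.items():
        print(name, send(path, blackhole_detect=detect))
```

With ICMP filtered and no fallback, the sender retries at 1500 bytes until it gives up and delivers nothing, which is the stalled connection the post describes.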