[Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-11 Thread Adam Hardy

Hi,

searched the archives and the net and was surprised not to see any hits 
for MTU except its generic appearance in log statements.


I had to change my MTU on my workstations to 1430 to get SMTP and some 
websites to work (e.g. paypal).


Can I tell dnsmasq to send the MTU setting with the DHCP information?

My attempts to hack it into the config haven't worked.


Thanks
Adam




Re: [Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-11 Thread Steven Jan Springl
On Thursday 11 September 2008 14:08, Adam Hardy wrote:
> Hi,
>
> searched the archives and the net and was surprised not to see any hits
> for MTU except its generic appearance in log statements.
>
> I had to change my MTU on my workstations to 1430 to get SMTP and some
> websites to work (e.g. paypal).
>
> Can I tell dnsmasq to send the MTU setting with the DHCP information?
>
> My attempts to hack it into the config haven't worked.
>
>
> Thanks
> Adam

Adam

I use the following statement to set the mtu size to 1492 for clients 
connected to eth0:

dhcp-option=eth0,26,1492

Steven.
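
Added example (not part of the original thread): the dhcp-option=eth0,26,1492 line above makes dnsmasq send DHCP option 26, which RFC 2132 defines as the Interface MTU option with length 2, a 16-bit value and a minimum legal value of 68. The Python below encodes that option and applies the bounds check a client can run before accepting an MTU from a DHCP reply. The sample options field and the policy ceiling of 1500 are constructed for illustration.

```python
import struct

OPT_PAD, OPT_END, OPT_INTERFACE_MTU = 0, 255, 26
MIN_LEGAL_MTU = 68  # RFC 2132: minimum legal value for option 26

def encode_mtu_option(mtu):
    """Wire form of what dhcp-option=...,26,<mtu> asks the server to send."""
    if not MIN_LEGAL_MTU <= mtu <= 0xFFFF:
        raise ValueError("MTU out of range for option 26")
    return struct.pack("!BBH", OPT_INTERFACE_MTU, 2, mtu)

def parse_options(blob):
    """Walk a DHCP options field (code, length, value) with bounds checks."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("option %d has no length byte" % code)
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = value
        i += 2 + length
    return opts

def offered_mtu(blob, ceiling=1500):
    """Return the offered MTU, or None if option 26 is absent.
    ceiling is a local policy value (assumption: Ethernet link)."""
    raw = parse_options(blob).get(OPT_INTERFACE_MTU)
    if raw is None:
        return None
    if len(raw) != 2:
        raise ValueError("option 26 must have length 2")
    (mtu,) = struct.unpack("!H", raw)
    if not MIN_LEGAL_MTU <= mtu <= ceiling:
        raise ValueError("refusing MTU %d from DHCP" % mtu)
    return mtu

# Constructed sample: subnet mask, router, MTU 1492, end marker.
SAMPLE = (bytes([1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 0, 254])
          + encode_mtu_option(1492) + bytes([OPT_END]))
```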



Re: [Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-11 Thread Adam Hardy

Steven Jan Springl on 11/09/08 15:20, wrote:
> On Thursday 11 September 2008 14:08, Adam Hardy wrote:
> > Hi,
> >
> > searched the archives and the net and was surprised not to see any hits
> > for MTU except its generic appearance in log statements.
> >
> > I had to change my MTU on my workstations to 1430 to get SMTP and some
> > websites to work (e.g. paypal).
> >
> > Can I tell dnsmasq to send the MTU setting with the DHCP information?
> >
> > My attempts to hack it into the config haven't worked.
> >
> > Thanks
> > Adam
>
> Adam
>
> I use the following statement to set the mtu size to 1492 for clients
> connected to eth0:
>
> dhcp-option=eth0,26,1492

Steve, thanks for the info!

For anyone else looking at this in future, there's a good doc here:

http://www.faqs.org/rfcs/rfc2132.html

All the best
Adam



Re: [Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-11 Thread Jan 'RedBully' Seiffert

Adam Hardy wrote:
> Steven Jan Springl on 11/09/08 15:20, wrote:
> > On Thursday 11 September 2008 14:08, Adam Hardy wrote:
> > > Hi,
> > >
> > > searched the archives and the net and was surprised not to see any hits
> > > for MTU except its generic appearance in log statements.
> > >
> > > I had to change my MTU on my workstations to 1430 to get SMTP and some
> > > websites to work (e.g. paypal).
> > >
> > > Can I tell dnsmasq to send the MTU setting with the DHCP information?
> > >
> > > My attempts to hack it into the config haven't worked.
> > >
> > > Thanks
> > > Adam
> >
> > Adam
> >
> > I use the following statement to set the mtu size to 1492 for clients
> > connected to eth0:
> >
> > dhcp-option=eth0,26,1492
>
> Steve, thanks for the info!
>
> For anyone else looking at this in future, there's a good doc here:
>
> http://www.faqs.org/rfcs/rfc2132.html



Hmmm, a mtu of 1430 looks a bit strange, but probably depends on your link. Some
kind of VPN or PPPoA on your side? Or are you saying paypal has some kind of
Tunnel/Route/Whatever which limits THEIR mtu?

In an ideal World you would not need to fiddle with your mtu, because a thing
called "path mtu discovery" should catch this.
Your kernel sends packets with the "Don't Fragment"-Bit (DF) set, and every
router on the way to the target should send you a packet back when your packet
is too big, so your kernel can lower the pmtu, till it fits.
Unfortunately, this does not always work, either because the setup is so complex
(vpn over a tunnel over dialup...) that errors are not properly propagated, or,
and this is more annoying, because some Admins block ICMP, which is needed for
this to work. In their view ICMP is "evil" and a 1337 H4x0r protocol, neglecting
that it is a needed part for {TCP|UDP}/IP to work. A big German freemail
provider was notoriously known for this braindamage for years.

But before you lower your clients' mtu, do you know where the mtu bottleneck is
and/or is your router by chance a Linux box? (such things can surely also be
done with other gear, but I don't know how)

Because there are two other and maybe more interesting solutions:

1) Linux knows an iptables target named TCPMSS. It adjusts the tcp mss, so it
won't help you on UDP, but "fixes" the most common case, that tcp connections
hang. But only if your router sees the mtu bottleneck (PPPoE or something
similar).
Look at your iptables man-page, it comes with an example command.
Most SOHO-router-in-a-box implement this, maybe it is switched off?
This also fixes problems with other sites, until their pmtu is lower than yours
and they do the braindamaged stuff...

2) You can try setting the pmtu early (so icmp messages reach the client) by
setting up a route with the right mtu on your router. Hmmm, you can even set it
on the clients. Example:

$ dig paypal.com MX
[snip]
;; QUESTION SECTION:
;paypal.com.                    IN      MX

;; ANSWER SECTION:
paypal.com.     461     IN      MX      10 data.ebay.com.
[snip]
;; ADDITIONAL SECTION:
lore.ebay.com.  3462    IN      A       66.135.195.181

$ whois 66.135.195.181

OrgName:    eBay, Inc
[snip]

NetRange:   66.135.192.0 - 66.135.223.255
CIDR:       66.135.192.0/19
NetName:    EBAY-1

# ip route add to 66.135.192.0/19 via  mtu 1430

$ tracepath 66.135.195.181
 1:  my_box.lan (192.168.0.2)                             0.224ms pmtu 1430
 1:  my_gateway.lan (192.168.0.254)                       0.286ms
[snip]

Problem is, you would have to set this up for every pmtu blackhole...

HTH


> All the best
> Adam



Greetings
Jan


--
Murphy's Law of Combat
Rule #3: "Never forget that your weapon was manufactured by the
lowest bidder"
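
Added example (not part of the original thread): what the TCPMSS clamp described in option 1 above does to a TCP SYN, shown in Python. It walks the SYN's TCP options and lowers the MSS (option kind 2) to the path MTU minus 40 bytes of IPv4 and TCP headers, leaving an MSS that already fits untouched. Checksum recalculation is left out, and the sample options and the header sizes (no IP options) are assumptions.

```python
import struct

IPV4_HEADER = 20  # assumption: no IP options
TCP_HEADER = 20   # fixed part of the TCP header, options excluded
KIND_EOL, KIND_NOP, KIND_MSS = 0, 1, 2

def mss_for_mtu(path_mtu):
    """Largest TCP payload that fits one unfragmented IPv4 packet."""
    return path_mtu - IPV4_HEADER - TCP_HEADER

def clamp_mss(tcp_options, path_mtu):
    """Return the SYN's options with the MSS lowered to fit path_mtu.
    Every other option, and an MSS that already fits, is left alone."""
    limit = mss_for_mtu(path_mtu)
    if limit <= 0:
        raise ValueError("path MTU too small for IPv4 + TCP headers")
    out = bytearray(tcp_options)
    i = 0
    while i < len(out):
        kind = out[i]
        if kind == KIND_EOL:
            break
        if kind == KIND_NOP:
            i += 1
            continue
        if i + 1 >= len(out):
            raise ValueError("option without a length byte")
        length = out[i + 1]
        if length < 2 or i + length > len(out):
            raise ValueError("bad option length")
        if kind == KIND_MSS:
            if length != 4:
                raise ValueError("MSS option must have length 4")
            (mss,) = struct.unpack_from("!H", out, i + 2)
            if mss > limit:
                struct.pack_into("!H", out, i + 2, limit)
        i += length
    return bytes(out)

# Constructed sample SYN options: MSS 1460, NOP, NOP, SACK-permitted,
# NOP, window scale 7.
SAMPLE_SYN_OPTIONS = bytes.fromhex("020405b4" "0101" "0402" "01" "030307")
```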




Re: [Dnsmasq-discuss] using DHCP to set clients' MTU

2008-09-11 Thread Adam Hardy

Jan 'RedBully' Seiffert on 11/09/08 21:17, wrote:
> Adam Hardy wrote:
> > Steven Jan Springl on 11/09/08 15:20, wrote:
> > > On Thursday 11 September 2008 14:08, Adam Hardy wrote:
> > > > searched the archives and the net and was surprised not to see any hits
> > > > for MTU except its generic appearance in log statements.
> > > >
> > > > I had to change my MTU on my workstations to 1430 to get SMTP and some
> > > > websites to work (e.g. paypal).
> > > >
> > > > Can I tell dnsmasq to send the MTU setting with the DHCP information?
> > > >
> > > > My attempts to hack it into the config haven't worked.
> > >
> > > I use the following statement to set the mtu size to 1492 for clients
> > > connected to eth0:
> > >
> > > dhcp-option=eth0,26,1492
> >
> > Steve, thanks for the info!
> >
> > For anyone else looking at this in future, there's a good doc here:
> >
> > http://www.faqs.org/rfcs/rfc2132.html
>
> Hmmm, a mtu of 1430 looks a bit strange, but probably depends on your link.
> Some kind of VPN or PPPoA on your side? Or are you saying paypal has some
> kind of Tunnel/Route/Whatever which limits THEIR mtu?
>
> In an ideal World you would not need to fiddle with your mtu, because a thing
> called "path mtu discovery" should catch this. Your kernel sends packets
> with the "Don't Fragment"-Bit (DF) set, and every router on the way to the
> target should send you a packet back when your packet is too big, so your
> kernel can lower the pmtu, till it fits. Unfortunately, this does not always
> work, either because the setup is so complex (vpn over a tunnel over
> dialup...) that errors are not properly propagated, or, and this is more
> annoying, because some Admins block ICMP, which is needed for this to work. In
> their view ICMP is "evil" and a 1337 H4x0r protocol, neglecting that it is a
> needed part for {TCP|UDP}/IP to work. A big German freemail provider was
> notoriously known for this braindamage for years.
>
> But before you lower your clients' mtu, do you know where the mtu bottleneck
> is and/or is your router by chance a Linux box? (such things can surely also
> be done with other gear, but I don't know how)
>
> Because there are two other and maybe more interesting solutions:
>
> 1) Linux knows an iptables target named TCPMSS. It adjusts the tcp mss, so it
> won't help you on UDP, but "fixes" the most common case, that tcp connections
> hang. But only if your router sees the mtu bottleneck (PPPoE or something
> similar). Look at your iptables man-page, it comes with an example command.
> Most SOHO-router-in-a-box implement this, maybe it is switched off? This also
> fixes problems with other sites, until their pmtu is lower than yours and
> they do the braindamaged stuff...
>
> 2) You can try setting the pmtu early (so icmp messages reach the client) by
> setting up a route with the right mtu on your router. Hmmm, you can even set
> it on the clients. Example:


Hi Jan,

I really appreciate the feedback - although I think your option (2) is slightly 
beyond what I want to get into for the sake of network admin here! I must admit 
that I set up the iptables firewall on my gateway machine, and I need to look at 
it to check whether I inadvertently blocked this ICMP business.


The gateway has a NIC connected to a DSL modem and that has no firewall, it's 
just my machine and BT on the other side.


I had problems with SMTP and a new hosting service - a solar powered hosting 
service provider actually :) - and the man said I should try lowering my MTU. I 
looked into the situation a little and set my workstation MTU to 1458, an 
apparently well-used value for it. I had no joy with the SMTP still, so I 
lowered my gateway's MTU to 1458 and my workstation to 1430, which was a value I 
chose. Hence the 'oddness' of it.


Regards
Adam