Wiki source code of Internet Protocol (IP)
                  Version 3.2 by Sebastian Marsching on 2022/05/29 13:30
              
| author | version | line-number | content | 
|---|---|---|---|
| 1 | {{toc/}} | ||
| 2 | |||
| 3 | # Path MTU Discovery Issues | ||
| 4 | |||
| 5 | Issues with different MTUs on a network path can be extremely hard to debug. Usually they are caused by a router along the path not sending ICMP messages when a packet is too big (or by these messages being filtered on their way back). Typical symptoms are that you can "ping" a host and can also establish a connection and transfer some data, but sometimes the connection stalls (e.g. a website is not loaded completely). | ||
| 6 | |||
| 7 | Luckily, if you have a Linux system somewhere in the path, there is a way to fix this problem, which I discovered in the [Linux Advanced Routing & Traffic Control HOWTO](http://lartc.org/howto/lartc.cookbook.mtu-mss.html). | ||
| 8 | |||
| 9 | You can use the following IPTables rules: | ||
| 10 | |||
| 11 | ```bash | ||
| 12 | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu # IPv4 | ||
| 13 | ip6tables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu # IPv6 | ||
| 14 | ``` | ||
| 15 | |||
| 16 | I use `-I` instead of `-A` because this rule should be the first rule in the `FORWARD` chain, so that it is applied to all packets passing through. | ||
| 17 | |||
| 18 | If you are experiencing MTU-related problems, you might also be interested in some information regarding the MTU setting for [[6to4 tunnels|doc:.IPv6.WebHome]] and [[OpenVPN virtual private networks|doc:Software.OpenVPN.WebHome]]. You should try the fixes described there first (if applicable), because using the clamp MSS options is more of a last resort than a best practice. | ||
| 19 | |||
| 20 | ## MTU and MSS Explained | ||
| 21 | |||
| 22 | If you wonder why TCP connections work sometimes, even if path MTU discovery is broken, you might be interested in a [very interesting article](http://blog.thousandeyes.com/troubleshooting-path-mtu-tcp-mss-problems/) in the [ThousandEyes](https://sebastian.marsching.com/wiki/ThousandEyes) blog. Thanks to the colleague who pointed me to this article! | ||
| 23 | |||
| 24 | # Find the MTU for a Certain Path | ||
| 25 | |||
| 26 | The MTU for a certain path can be found with ping (I found these instructions at [http://www.dslreports.com/faq/695](http://www.dslreports.com/faq/695)): | ||
| 27 | |||
| 28 | Windows: | ||
| 29 | |||
| 30 | ```bat | ||
| 31 | ping -f -l 1472 <target> | ||
| 32 | ``` | ||
| 33 | |||
| 34 | Linux: | ||
| 35 | |||
| 36 | ```bash | ||
| 37 | ping -M do -s 1472 <target> # -M do sets the don't-fragment bit, like -f on Windows and -D on macOS | ||
| 38 | ``` | ||
| 39 | |||
| 40 | macOS: | ||
| 41 | |||
| 42 | ```bash | ||
| 43 | ping -D -s 1472 <target> | ||
| 44 | ``` | ||
| 45 | |||
| 46 | Add 28 to the largest number with which the ping is successful. The resulting number is the MTU. | 
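
The ping procedure above can be automated with a binary search over the payload size. The following script is an added example, not part of the original page; it assumes Linux iputils `ping` and a 1500-byte local interface MTU, and all function names (`probe_ping`, `find_max_payload`, `path_mtu`, `mss_for_mtu`) are made up for this illustration.

```bash
#!/bin/sh
# Added example (not from the original page): automate the ping procedure.
# All function names here are made up for this illustration.

# Default probe for Linux (iputils ping): one echo request with the
# don't-fragment bit set (-M do), waiting at most 2 seconds for the reply.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload TARGET [PROBE_FN] [LOW] [HIGH]
# Binary search for the largest payload in [LOW, HIGH] that PROBE_FN accepts.
# HIGH defaults to 1472, which assumes a 1500-byte MTU on the local interface.
find_max_payload() {
    local target="$1" probe="${2:-probe_ping}" lo="${3:-0}" hi="${4:-1472}" mid
    # If even the smallest probe fails, the host is unreachable or echo
    # requests are filtered, and no MTU can be derived from ping.
    "$probe" "$target" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$target" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# path_mtu TARGET [PROBE_FN]
# Largest payload + 20 bytes IPv4 header + 8 bytes ICMP header = path MTU.
path_mtu() {
    local payload
    payload=$(find_max_payload "$@") || return 1
    echo $(( payload + 28 ))
}

# mss_for_mtu MTU
# TCP MSS that fits the MTU over IPv4: MTU - 20 (IPv4) - 20 (TCP, no options).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Only probe the network when a target is given on the command line.
if [ "$#" -gt 0 ]; then
    mtu=$(path_mtu "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "path MTU: $mtu, TCP MSS: $(mss_for_mtu "$mtu")"
fi
```

The second argument of `path_mtu` lets you swap in a probe for another platform, for example one that calls `ping -D` on macOS.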
