[Asterisk-Users] Re: UDP Fragmentation Problem

Tom Ivar Helbekkmo tih at eunetnorge.no
Mon Nov 1 10:01:46 MST 2004 

Bastian Schern wrote:

> How I can setup Linux to handle UDP fragments?

There's no setting up to do -- it simply handles them correctly.  Any
IP stack has to.  The problem isn't there, but is an unfortunate
interaction between the sender and gateway/firewalls along the way.

Julio Arruda wrote:

| But....it is quite weird they have such a small MTU. Many websites
| that have problems with Path MTU discovery would be broken by that
| (dumb websites, but still, way too many...).

The web sites in question aren't the problem.  Again, it's things that
happen to the packets along the way that cause communication to fail.

The normal scenario is this:

A system that wants to do "path MTU discovery" sends out its packets
with the "do not fragment" flag set.  When a link is reached, along
the way to the destination, where the MTU is smaller than the size of
the packet, an error message is returned; an ICMP "must fragment"
message.  The originating system then reduces the size of packets sent
to this specific destination -- and, of course, reduces them further
if another error is returned.

However, lots of firewall "administrators" mistakenly believe that
it's a good idea to block ICMP error messages.  (They may have heard
about abuse of ICMP by black hats back when grandpa was young...)
Thus, the error message never gets back to the sender, which keeps
sending out too large packets with the "do not fragment" flag, and the
packets never reach the destination.  Small packets get through, while
large ones don't, so a connection can typically be established, but
bulk data transfer (ftp data, web pages, &c) doesn't work.

Modern Microsoft IP stacks do path MTU discovery by default, which
means that the problem is often seen when accessing IIS web sites.
But it's not "dumb websites", it's dumb firewall administrators. :-)

-tih
-- 
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no  T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145

More information about the asterisk-users mailing list