From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 3375E1381F3 for ; Sun, 1 Sep 2013 10:31:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5B7BAE0EF1; Sun, 1 Sep 2013 10:31:13 +0000 (UTC) Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com [209.85.212.180]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 31AFDE0EB8 for ; Sun, 1 Sep 2013 10:31:11 +0000 (UTC) Received: by mail-wi0-f180.google.com with SMTP id l12so873547wiv.7 for ; Sun, 01 Sep 2013 03:31:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=fXQIPlioFD37jlEimMA5J5cPYWHGkx4rzLBYJSlRgqw=; b=uVZv7mR77lY0axdw5T57ehhFvfOOzFXPPwjphS+PCNr0mZ2egpHGD22F5G960uaVcd 82pI3O4LAnokaHp37IfiCjM1R/6EpGOU6+Kjk5atd90P6LcJnxGi1LheTYhr1HbqfTeJ SmHe/13NjHeuybpzXM29/cWpBTbWz09zKL1SHewE3FMqjQqPgeWtLdaWRUWtJBoR5xMT zK5i5M4DM4mjUD9+IM4T6QBkOTe8B8CBRSZJnbL1wYvaER0ag+LXyQKZZOHW/ww6YULh COyPWeKkT0R+BTcngyGBQ8E7wE8Rw6JcENIBNyIFLHMQwTqU5Fgajs/tYNt1vpqHSZi9 gstA== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.180.189.37 with SMTP id gf5mr9244099wic.31.1378031470478; Sun, 01 Sep 2013 03:31:10 -0700 (PDT) Received: by 10.194.93.199 with HTTP; Sun, 1 Sep 2013 03:31:10 -0700 (PDT) In-Reply-To: <201309010937.48181.michaelkintzios@gmail.com> References: <201308271527.09340.michaelkintzios@gmail.com> <201309010937.48181.michaelkintzios@gmail.com> Date: Sun, 1 Sep 2013 03:31:10 -0700 Message-ID: Subject: Re: [gentoo-user] PMTUD From: Grant To: Gentoo mailing list Content-Type: text/plain; charset=ISO-8859-1 X-Archives-Salt: 99625050-a3df-40c3-90d2-fdf67d30e7cc X-Archives-Hash: 681deaf1830bae3ee63f7fc0d428020d >> Thanks Mick. Can you generally rely on PMTUD to set the MTU optimally >> or should this be experimented with when changing connections? > > Short answer: default Linux machine settings behave properly as network > devices and acknowledge packets larger than their MTU value with the > appropriate response. > > Longer answer: > > Communications between IPv4 end points use PMTUD by setting a Don't Fragment > (DF) bit in the headers of the outgoing packet. If a router/server along the > path has a smaller MTU, it will drop that packet and respond with an ICMP > 'Destination Unreachable -- Fragmentation Needed' packet including its smaller > MTU value. Upon receiving this smaller packet value the initiating host will > dynamically reduce the size of the outgoing packets, until the packet arrives > at its intended destination. PMTUD should always be switched on in any well > behaving network implementation, but here's the rub: some network nodes, > firewalls, servers are configured to never respond with *any* ICMP packets > (because they think that this is a way to avoid DDoS problems and the like). > Therefore, the initiating host keeps sending large packets never knowing that > they are dropped on the way. This network problem is known as a PMTUD black > hole and is explained better here: > > http://tools.ietf.org/html/rfc2923 > > Some MSWindows servers were notoriously bad at this, but I think that modern > configurations have corrected their buggy ways. Linux machines have PMTUD > switched on by default and behave properly. Got it, thank you. > If you are still troubled by the proxy connection stalling problem, have you > tried transferring large files over the network using scp/sftp to see if you > are also getting similar symptoms? This would isolate it to the application > level (squid) or if the problem remains would point to network configuration > issues. How can I make this determination? I'm testing a 50MB scp over hotel wifi from my laptop to the remote proxy server now (with squid running in case it matters) and it seems OK. It oscillates constantly between 0.0KB/s and 80.0KB/s. As soon as I start browsing via the proxy server, the upload frequently goes to "stalled" but I suppose that could be a bandwidth issue. Browsing still stalls before very long. - Grant