On Feb 20, 2012, at 10:27 PM, Masataka Ohta wrote:

> Steven Bellovin wrote:
>
>>> Timer timeouts do not affect TCP MSS.
>
>> RFC 2923:
>>    TCP should notice that the connection is timing out. After
>>    several timeouts, TCP should attempt to send smaller packets,
>>    perhaps turning off the DF flag for each packet. If this
>>    succeeds, it should continue to turn off PMTUD for the connection
>>    for some reasonable period of time, after which it should probe
>>    again to try to determine if the path has changed.
>
> So?
>
>> It's Informational, not standards track, but the problem
>> -- and the fix -- have been known for a very long time.
>
> I'm not sure what, do you think, is the problem, because the
> paragraph of RFC2923 you quote has nothing to do with TCP
> MSS.

Sure it does. That's in 2.1; the start of it discusses PMTUD failing for various reasons including firewalls.

>
> The relevant section of the RFC (relevant to MSS) should be:
>
>    The MSS should be determined based on the MTUs of the interfaces on
>    the system, as outlined in [RFC1122] and [RFC1191].
>
> which means MSS is constant.

The text I quoted says, in so many words, "send smaller packets". I don't know how it's possible to be more explicit than that.

>
> Note also that the next paragraph (next to the paragraph you
> quote) of the RFC eventually says to use PMTU of 1280B for
> IPv6 if there are black holes. It is not a very good thing
> to do especially for IP over IP tunnels, because 1280B
> packets are always fragmented if they are carried over a
> tunnel with MTU of 1280B.

Please cite in context. The text I quoted says that one option is to try turning off DF; the next paragraph notes that you can't do that on v6. It also doesn't say to use PMTU of 1280, it says that that's a good fallback, and notes that v6 support requires that.

Although it doesn't say so, I'll note that IP in IP makes the outer IP effectively a link layer for the inner IP; as such, it has to preserve all of the relevant properties including a link MTU of 1280. If that doesn't work -- though it most likely will, since the most common hardware MTU is from the ancient 1500 byte Ethernet size -- the outer IP endpoint has to deal with it appropriately, such as by intentional fragmentation, just as is done for IP over ATM with its 53-byte cell size (RFC 2225).

>
> As implosion caused by multicast PMTUD of IPv6 requires ICMP
> PTB black holed, you can expect a lot of black holes.
>
> Masataka Ohta
>

--Steve Bellovin, https://www.cs.columbia.edu/~smb
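The black-hole recovery in the RFC 2923 text quoted in this message, as an added Python simulation that is not part of the original thread or of any TCP implementation. It tracks the interface-derived MSS and the segment size actually sent as separate variables; the threshold, the fallback period, the 536-byte fallback segment, and the names `Sender`, `black_hole_path` and `run` are assumptions chosen for illustration.

```python
# Added illustration; thresholds and names are assumptions, not RFC values.
IP_TCP_HEADERS = 40       # IPv4 + TCP headers without options
TIMEOUT_THRESHOLD = 3     # "several timeouts" (assumed value)
FALLBACK_PERIOD = 600     # "reasonable period" in seconds (assumed value)
FALLBACK_SEGMENT = 536    # smaller segment to try (assumed choice)


def black_hole_path(path_mtu):
    """Constructed path: oversize DF packets vanish and no ICMP comes back."""
    def deliver(packet_len, df):
        return packet_len <= path_mtu or not df   # without DF, routers fragment
    return deliver


class Sender:
    def __init__(self, interface_mtu):
        self.mss = interface_mtu - IP_TCP_HEADERS  # fixed, from interface MTU
        self.segment = self.mss                    # size actually sent
        self.df = True                             # PMTUD on
        self.timeouts = 0
        self.reprobe_at = None

    def send(self, deliver, now):
        # After the fallback period, probe again with full-size DF packets.
        if self.reprobe_at is not None and now >= self.reprobe_at:
            self.segment, self.df, self.reprobe_at = self.mss, True, None
            self.timeouts = 0
        if deliver(self.segment + IP_TCP_HEADERS, self.df):
            self.timeouts = 0
            return True
        self.timeouts += 1
        if self.df and self.timeouts >= TIMEOUT_THRESHOLD:
            # Suspected black hole: smaller packets, DF off, PMTUD suspended.
            self.segment, self.df = FALLBACK_SEGMENT, False
            self.reprobe_at = now + FALLBACK_PERIOD
            self.timeouts = 0
        return False


def run(path_mtu=1400, interface_mtu=1500, ticks=(0, 1, 2, 3, 4, 700)):
    """Return (time, delivered, segment size, DF) for each send attempt."""
    deliver, s = black_hole_path(path_mtu), Sender(interface_mtu)
    return [(t, s.send(deliver, t), s.segment, s.df) for t in ticks]


if __name__ == "__main__":
    for row in run():
        print(row)
```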