TCP transport again
Alexander Clouter
alex at digriz.org.uk
Sat Sep 26 02:03:12 CEST 2009
Stefan Winter <stefan.winter at restena.lu> wrote:
>
>> regarding this - a new feature of 2.1.7 related to the DF bit for the UDP
>> packets. I believe that the change meant that the do not fragment bit was
>> changed to be set -
>
> No, it *unsets* the bit. Linux sets it by default, and in effect, can
> cause large packets to be discarded if MTU decreases on the link
> somewhere. Unsetting it gives at least a good chance that routers *can*
> fragment the large packet if need be. Unless your routers are broken of
> course.
>
Tell me if I am being stupid, but why don't we just crank down the MTU
for IPv4 traffic to 576 (for IPv6 this should not be necessary IIRC as
userspace should be informed if the packet is too large...but then with
DF it should too for IPv4, right?)? The only time I have seen any MTU
related problems is with our useless Cisco WLC 4400 that sulks if it
receives any packets larger than 1300 bytes...

Fragments on networks should always be avoided; I understand crypto
packed traffic (EAP and isakmp for example) can end up knocking out
fragmented traffic but surely there is no harm in trying to persuade
them not to be formed.

Is there something about EAP that prevents payloads being spread across
several EAP-Messages? Apologies for not munching the RFCs, but they
do not exactly make for light bedtime reading :)

Cheers

--
Alexander Clouter
.sigmonster says: He is the best of men who dislikes power.
-- Mohammed
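
The DF behaviour discussed in this message, as an added example that is not part of the original post and is not FreeRADIUS code: `packets_on_wire` models what a smaller-MTU hop does to a large UDP datagram with DF set versus cleared, and `clear_df` shows the Linux socket option that clears the bit. The function names, the 20-byte IPv4 header and the sample sizes are assumptions made for the illustration.

```c
/* Added example, not FreeRADIUS source. Socket options are Linux-specific. */
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define IP_HDR  20   /* IPv4 header without options (assumption) */
#define UDP_HDR 8

/* Number of IPv4 packets a hop with the given MTU forwards for one UDP
 * datagram. Returns 0 when the datagram does not fit and DF is set: the
 * router discards it instead of fragmenting. */
int packets_on_wire(int udp_payload, int mtu, int df_set)
{
    int ip_payload = udp_payload + UDP_HDR;
    if (ip_payload + IP_HDR <= mtu) return 1;   /* fits, no fragmentation */
    if (df_set) return 0;                       /* too big, DF set: dropped */
    /* Every fragment except the last carries a multiple of 8 bytes. */
    int per_frag = ((mtu - IP_HDR) / 8) * 8;
    return (ip_payload + per_frag - 1) / per_frag;
}

/* Disable path-MTU discovery on a UDP socket so the kernel sends datagrams
 * with DF cleared. Returns the mode read back, or -1 on error. */
int clear_df(int fd)
{
    int mode = IP_PMTUDISC_DONT;
    socklen_t len = sizeof(mode);
    if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, sizeof(mode)) < 0)
        return -1;
    mode = -1;
    if (getsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, &len) < 0)
        return -1;
    return mode;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd >= 0) {
        printf("PMTU discovery mode after clear_df: %d\n", clear_df(fd));
        close(fd);
    }
    /* Constructed sizes: a 4000-byte RADIUS reply over a 1300-byte hop. */
    printf("DF set:   %d packets\n", packets_on_wire(4000, 1300, 1));
    printf("DF clear: %d packets\n", packets_on_wire(4000, 1300, 0));
    return 0;
}
```

With DF cleared the receiver depends on every fragment arriving, so the fragment count is also the number of packets that must all survive any device on the path that mishandles fragments.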