Stefan Winter <stefan.winter@restena.lu> wrote:
regarding this - a new feature of 2.1.7 related to the DF bit for the UDP packets. I believe that the change meant that the do not fragment bit was changed to be set -
No, it *unsets* the bit. Linux sets it by default, and in effect, can cause large packets to be discarded if MTU decreases on the link somewhere. Unsetting it gives at least a good chance that routers *can* fragment the large packet if need be. Unless your routers are broken of course.
Tell me if I am being stupid, but why don't we just crank down the MTU for IPv4 traffic to 576 (for IPv6 this should not be necessary IIRC as userspace should be informed if the packet is too large...but them with DF it should too for IPv4, right?)? The only time I have seen any MTU related problems is with our useless Cisco WLC 4400 that sulks if it receives any packets larger than 1300 bytes... Fragments on networks should always be avoided, I understand crypto packed traffic (EAP and isakmp for example) can end up knocking out fragmented traffic but surely there is no harm in trying to persuade them not to be formed. Is there something about EAP that prevents payloads being spread across several EAP-Messages? Apologies for not munching the RFC's, but they do not exactly make for light bedtime reading :) Cheers -- Alexander Clouter .sigmonster says: He is the best of men who dislikes power. -- Mohammed