Path MTU Discovery

Path MTU Discovery (PMTUD) is a standardized technique in

Internet Protocol Version 4 (IPv4).^[1] However, all modern operating systems use it on endpoints. In IPv6, this function has been explicitly delegated to the end points of a communications session.^[2]

As an extension to the standard path MTU discovery, a technique called Packetization Layer Path MTU Discovery works without support from ICMP.^[3]

Implementation

For IPv4 packets, Path MTU Discovery works by setting the Don't Fragment (DF) flag bit in the IP headers of outgoing packets. Then, any device along the path whose MTU is smaller than the packet will drop it, and send back an Internet Control Message Protocol (ICMP) Fragmentation Needed (Type 3, Code 4) message containing its MTU, allowing the source host to reduce its path MTU appropriately. The process is repeated until the MTU is small enough to traverse the entire path without fragmentation.

As IPv6 routers do not

ICMPv6 Packet Too Big (Type 2) message containing its MTU, allowing the source host to reduce its path MTU appropriately. The process is repeated until the MTU is small enough to traverse the entire path without fragmentation.^[4]

If the path MTU changes after the connection is set up and becomes lower than the previously determined path MTU, the first large packet will cause an ICMP error and the new, lower path MTU will be found. If the path changes and the new path MTU is larger, the source will not learn about the increase, because all routers along the new path will be capable of relaying all packets that the source sends using the originally determined, lower path MTU.[5]^[6]^[4]

Problems

Many network security devices block all ICMP messages for perceived security benefits, including the errors that are necessary for the proper operation of PMTUD. This can result in connections that complete the TCP three-way handshake correctly, but then hang when data are transferred. This state is referred to as a black hole connection.^[7]

Some implementations of PMTUD attempt to prevent this problem by inferring that large payload packets have been dropped due to MTU rather than because of link congestion. However, in order for the Transmission Control Protocol (TCP) to operate most efficiently, ICMP Unreachable messages (type 3) should be permitted. A robust method for PMTUD that relies on TCP or another protocol to probe the path with progressively larger packets has been standardized in RFC 4821.

A workaround used by some routers^[

which?] is to change the maximum segment size (MSS) of all TCP connections passing through links that have MTU lower than the Ethernet default of 1500. This is known as MSS clamping.^[8]^{[needs update?}

]

Another problem is when networks administrators don't properly update the MTU between 2 adjacent layer 3 hops if the link between these hops is composed of multiple layer 2 segments with switches between them. Usually the MTU on the outgoing L3 interface is taken from the first L2 segment. But if the second or further segment has a lower MTU the switch that is between will just silently drop the packet without reporting back any ICMP (because only layer 3 hops can generate ICMP "packet too big"). So, in this case admins should update the MTU for each outgoing L3 interface to the minimum MTU of the layer 2 segments used until the next L3 hop.

References

doi:10.17487/RFC1191. RFC 1191. Draft Standard. Obsoletes RFC 1063
.

doi:10.17487/RFC8201. STD 87. RFC 8201. Internet Standard 87. Obsoletes RFC 1981
.

ISSN 2070-1721. RFC 8899. Proposed Standard. Updates RFC 4821, 4960, 6951, 8085 and 8261
.

^
OCLC 810455372
.

^ E. Comer, Douglas (2014). Internetworking with TCP/IP Volume 1 (6th ed.). Pearson. pp. 133–134.
ISBN 0-13-608530-X
.

^ linux source code (ipv4) and linux source code (ipv6) see line with "mtu_expires" 10 * 60 seconds

doi:10.17487/RFC2923. RFC 2923
. Informational.

^ Hubert, Bert (2002). "Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable, PPPoE & PPtP users)". Linux Advanced Routing & Traffic Control HOWTO. Retrieved 2019-04-15.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Path_MTU_Discovery&oldid=1216167537"

[rfc1191-1] :10.17487/RFC1191. RFC 1191. Draft Standard. Obsoletes RFC 1063
.

[rfc8201-2] :10.17487/RFC8201. STD 87. RFC 8201. Internet Standard 87. Obsoletes RFC 1981
.

[rfc8899-3] ISSN 2070-1721. RFC 8899. Proposed Standard. Updates RFC 4821, 4960, 6951, 8085 and 8261
.

[davies146-147-4] 
OCLC 810455372
.

[5] E. Comer, Douglas (2014). Internetworking with TCP/IP Volume 1 (6th ed.). Pearson. pp. 133–134.
ISBN 0-13-608530-X
.

[6] ux source code (ipv4) and linux source code (ipv6) see line with "mtu_expires" 10 * 60 seconds

[rfc2923-7] :10.17487/RFC2923. RFC 2923
. Informational.

[8] Hubert, Bert (2002). "Circumventing Path MTU Discovery issues with MSS Clamping (for ADSL, cable, PPPoE & PPtP users)". Linux Advanced Routing & Traffic Control HOWTO. Retrieved 2019-04-15.

[1]

[2]

[3]

[4]

[6]

[7]

[8]