Date: Sat, 16 Dec 2000 10:33:33 -0800 From: "Kevin Oberman" <oberman@es.net> To: David Kelly <dkelly@hiwaay.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: use of 1500 octet pings? Message-ID: <200012161833.eBGIXXJ22883@ptavv.es.net> In-Reply-To: Your message of "Fri, 15 Dec 2000 22:04:57 CST." <200012160404.eBG44v454729@grumpy.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: David Kelly <dkelly@hiwaay.net> > Date: Fri, 15 Dec 2000 22:04:57 -0600 > Sender: dkelly@grumpy.dyndns.org > Sender: owner-freebsd-questions@FreeBSD.ORG > > "Kevin Oberman" writes: > > > Date: Wed, 13 Dec 2000 17:07:41 -0600 > > > From: David Kelly <dkelly@hiwaay.net> > > > Sender: owner-freebsd-questions@FreeBSD.ORG > > > > > > Watching reject messages on firewalls lately I've seen ICMP ECHO > > > requests from web sites somebody is visiting, trying to packets of > > > echo 1500 octets off us. What the heck are they trying to do? I can't > > > guess an honest excuse for websites to ping visitors. And with such > > > large packets. > > > > PMTU discovery? They may well be sending larger pings, but they don't > > get to you. 1500 octets is probably the largest packet that can make > > it to you without fragmentation. > > I don't know what they are doing but watch what happens when you try > http://www.nga.gov/. Forcing MTU discovery with large pings on first > access to a web site doesn't seem right. HP has sites which do the same > thing. I don't know why it does not seem right. It certainly is right. Try reading RFC1191, "Path MTU Discovery". IF you do PMTU discovery, and it is a good idea, you do it before establishing the first TCP connection. So the "large ping" should be the immediate result of a connection. The selection of the largest possible MTU will greatly enhance performance in most cases and the only way to determine that value is PMTU discovery. The only reason PMTU discovery is not universal is that so many people block ICMP packets which MAY break PMTU. The result is that many sites don't think it's worth doing. R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012161833.eBGIXXJ22883>