MTU understanding and Problems

Problems encountered a few days ago: the system may encounter problems when communication occurs, and the sending end will not report errors. However, the receiver does not respond.

MTU details:

Maximum Transmission Unit (MTU) refers to the maximum data size (in bytes) that can be passed on a layer of a communication protocol ). The maximum transmission unit parameter is usually related to the communication interface (network interface card, serial port, etc ).

The Internet Protocol allows IP sharding, so that the datagram can be divided into small enough fragments to pass through the links with the maximum transmission unit smaller than the original size of the datagram. This fragment process occurs on the IP layer (the Layer 3 of the OSI model, namely the network layer). It uses the value of the maximum transmission unit that sends the group to the network interface on the link. All parts of the original group are marked, so that the IP layer of the target host can regroup the original datagram.

In Internet protocols, the "maximum transmission unit of a path" of an Internet transmission path is defined as the minimum value of the maximum transmission unit for all IP addresses on the "path" from the source address to the destination address. Or, from another perspective, the maximum number of transmission units that can pass through this "path" without further sharding.

RFC 1191 describes the path maximum transmission unit discovery method, which is a technology used to determine the maximum transmission unit of a path between two IP hosts. It aims to avoid IP fragmentation. In this technology, the source address uses the location bit of the datagram DF (don't fragment, don't shard, then, the size of the sent datagram is gradually increased. Any device in the path that needs to partition the group will discard the datagram and return an ICMP response with a "too large datagram" to the source address, the source host "learns" to the maximum transmission unit through this path without sharding.

Unfortunately, more and more networks Block ICMP transmission (for example, in order to prevent DDoS attacks)-This makes the Discovery Method of the maximum transmission unit of the path unable to work normally, A common manifestation is that a connection can work normally when the data traffic is low, but once a large amount of data is sent at the same time, it will be immediately suspended (for example, when using IRC, the customer will find that no response is received after sending a ping to prohibit IP spoofing, because the connection is blocked by a large number of welcome messages ). Moreover, in a network that uses the Internet protocol, the "path" from the source address to the destination address often responds to various events (such as server Load balancer, congestion, and power failure) it is dynamically modified, which may cause the maximum transmission unit of the path to change during transmission, sometimes even repeatedly. As a result, when the host finds a new maximum transmission unit that can work securely, more groups are lost.

For most local networks that use Ethernet nowadays, the maximum transmission unit value is 1500 bytes. However, a system like pppoe reduces this value, which may result in the use of the maximum transmission unit discovery method: some sites become inaccessible after the firewall is improperly configured. In this case, you may find a work ing method, but it depends on which part of the network you control. These methods include modifying the MSs (maximum segment size, maximum segment size) of the first group used to establish a TCP connection at one end of the firewall ).

 

What are the differences between parts?
Fragment is the concept of IP layer. The flag for checking IP fragment is to check the DF bit and more fragment bit in the flag field of the IP layer header. Check whether the parts are sharded and whether there are any subsequent part packets.
At the same time, the last field of the IP packet header is IP fragments, which specifies the number and length of frames in the parts. (It can be determined that no IP sharding is performed when we send the message)
Segmentation is the concept of the TCP layer. In this case, MSS is used. In this example, 1460 is used as the MSS. Generate dynamically based on the negotiation results. The phenomenon is that in each (except the first) SMTP
In the message body message, each TCP net data size is 1460. The option field in the first tcp syn packet sent to the other party carries the MMS field to notify the other party of the MSS in use. The other party will return its own MMS field in the response to syn. In this way, both parties negotiate successfully. The sender selects a small value for MMS Segmentation Based on the MMS size of the recipient in the received ack compared with the local machine.
At this time, our MSS is smaller than the MTU of the interface. Therefore, we use 1460 as the TCP slice size. Add a 20-byte IP header and a 20-byte TCP header. The total size is 1500 bytes. If MTU 1500 is exceeded, the parts will still be split. But this is not the case. Equal. So we didn't perform sharding.

 

The final result should be that our system processes network packets and has modified the protocol stack. Therefore, some packets are not processed or the control function on the TCP layer is absent, the MTU cannot be negotiated.

 

Others' faults referenced during locating:

1.

Http://blog.chinaunix.net/space.php? Uid = 17320666 & Do = Blog & cuid = 2037421

Mtu-caused network faults. The network architecture is as follows:

The VPN Client uses RRAS of win2003 as the VPN dial-up client for remote dial-up connection. In the client network, the user uses the RRAS route for data transmission with the VPN Server, Web browsing and mail, FTP downloads are normal, and both networks (VPN Client and VPN Server) have routers and firewalls;

Now, you need to install an FTP server in the VPN Client Network to upload data from the VPN Server, but it is always unsuccessful. If the file is transferred for hours, it is successful if it is less than 4 kb, however, if it is slightly larger, it indicates that it is not successful. When it is transferred to several kb, a time out error message will appear;

Troubleshooting steps:

I. Mail, FTP download, Web browsing, and other operations are normal, proving that network connections and devices are all normal;

2. When the FTP server is installed on win2003 for testing, it is found that FTP uploading is normal, but the user fails to upload the file through RRAS in the network;

3. When the remote VPN Server is pinged, the MTU data packet size can only be 1370. If the value is greater than this value, the MTU data packet will be fragment, for example, Ping-F-l 1400 192.168.5.1, the packet needs to be fragmented but DF set will appear, which is related to the MTU settings of the firewalls at both ends and the maximum value allowed by the ISP, and the default MTU value of win2003 and XP is 1500, after the default MTU value in win2003 is changed to the maximum value allowed by the network, FTP upload is normal.

To modify MTU in windows, follow these steps:

1. Run regedit.exe,

2. Find the following path: [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ Interfaces \ All network adapters of the system are listed under interfaces;

3. Find the physically working network card and check the IP address equivalent to determine the network card to be changed. Then, under the selected network card, create a New DWORD Value named MTU, double-click the input decimal value;

4. Restart;

Install MTU in Linux: Run ifconfig to modify MTU, for example, ifconfig eth0 MTU 1370;

 

2.

Some networks can access and some cannot be accessed. omnipeek is used to monitor the network status and the packet size is small (594). Check the MTU value and find that the packet size is small (seemingly caused by a virus ), everything works after MTU is modified

How to modify the MTU of the Local Machine? The modification method is as follows: (1) Run regedit (2). Browse to: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ Interfaces 2 (3) and interfaces have multiple sub-items. Each sub-item corresponds to one Nic. Select the NIC as follows: (a) determine the NIC used to connect to the Internet or the IP address of the dial-up connection, for example, 192.168.0.19; (B) Click the subitem on interfaces with the mouse, view IPaddress items in the key-Value List. (c) if the key value of IPaddress is the same as the IP address in (a), that is, 192.168.0.19, this sub-item is the network card to be found. (4) enter the subitem, right-click the window on the right, choose "New"> "double byte value", enter the name "MTU", and press Enter. Double-click "MTU" and the modification window is displayed. 3: Enter the MTU value. Set the base number to decimal. After the configuration, You need to restart the machine to make it take effect.