Can't open various web sites
in [Mac Systems]
|
From: JF Mezei on 7 Aug 2010 14:58 Not sure what router you have. "good" routers have a command line where you can force an "adjmss" (adjust mss). When you establish a TCP comnection, your computer will say "i can handle 1500 MTU". Your router will adjust this value to the value you specified, and the remote server will then know that you have a max MTU of 1492 (or whatever you had set it to). When the packet from the server comes back, the computer is also told that the MTU for this connection is 1492, so it will create packets max of 1492. (MSS is MTU - 40 for all practical purposes). Without an "adjmss" function, your router will pass any packet below its MTU value unchanged. So the remote host would see your computer's "I can do 1500" and send 1500 byte packets to you, which would either cause packet fragmentation at your ISP's router before getting in the PPpoE portion of the travel or be rejected and the remote server told that fragmentation is required. (at which point they go into MTU negotiation). http://www.speedguide.net:8080 will tell you what your "advertised" MTU is (aka: what a remote host is initially told your can handle). Set your Mac to 1500, your router to 1492 or less. Try that web site. If it shows your MTU of 1500, it means that your router isn't doing adjmss and this will result in problems. You also want to make sure that MTU Discovery is ON.
From: David Empson on 8 Aug 2010 00:44
Wes Groleau <Groleau+news(a)FreeShell.org> wrote: > On 08-07-2010 06:51, Peter James wrote: > > With them both set to 1492 MTU no success, but with both set to 1454 MTU > > normal results achieved. But why didn't that happen when I previously > > tried them both at 1454? > > Maybe you didn't press hard enough on the mouse button to click Save ? > > I am not familiar with what MTU is, but when the two ends of a > connection disagree on a setting, unexpected behavior is to be > expected. :-) MTU = Maximum Transmission Unit. It is the maximum length of an IP packet sent over a network connection, including headers for IP and for TCP or UDP. It can be configured separately for each network interface on the computer. When you adjust this setting on the computer, it limits the maximum length of transmitted IP packets (but doesn't limit receive packet length, so other devices may still send packets as long as whatever the network protocol can handle). The normal setting for Ethernet is 1500. (There is a "Jumbo Frames" feature which can be used with Gigabit Ethernet to allow an MTU up to 9000, but it can only be used if ALL devices on the local network support jumbo frames.) If the packets have to travel over any other connection (e.g. your broadband connection) it may require a lower MTU over that connection, due to different rules or extra overhead for some network types. 1492 is quite common for broadband connections. When a packet exceeds the allowed MTU of another network over which it must travel, what is supposed to happen is that the router will automatically break the packet up into two or more IP fragments. These get delivered separately and reassembled at the final destination. The fragmentation adds overhead (at least another IP header, possibly padding and additional time). There is an optional flag in the IP header called "Don't Fragment" (DF for short). If this flag is set, a packet length which exceeds the MTU for a network will be discarded rather than being fragmented. When this happens, the router is supposed to send back an ICMP packet to the originating device telling it the packet had to be fragmented to go any further. Unforunately some routers don't send these packets, and some firewalls might block them from arriving. The DF flag is used as part of the mechanism known as "path MTU discovery". The software tries to send a packet of maximum length to the destination with DF set. If there is any network segment on the path to the destination with a lower MTU, an ICMP Fragmentation Needed packet will come back, and the information from that packet can be used to lower the effective MTU for that connection. This is repeated as required until the packet arrives at the destination, at which point a reasonable maximum length is known and the connection can be established using that limit. Not all software does this. Some software misuses the DF flag and sets it when it shouldn't be doing so. This causes long packets to be dropped if they hit a network segment which has a lower MTU than the packet size. If you know that most packets from your computer must travel through a connection with an MTU lower than 1500, then it makes sense to reduce your MTU to the same as the broadband connection. This will reduce fragmentation overhead and improve performance, as well as avoid issues with anything on your computer which sets the DF flag. It doesn't help with packets coming the other way - if they are sent by a device which is on a network that allows 1500 byte packets, they will have to be fragemented when they hit the ISP end of your broadband connection (if that didn't happen already). Setting the MTU unnecessarily low will reduce performance, as the same amount of data will need to be sent in more IP packets, with additional overhead for IP headers, TCP headers, possibly padding, and timing. -- David Empson dempson(a)actrix.gen.nz |