Path MTU discovery
From Wikipedia, the free encyclopedia
Path MTU discovery (PMTUD) is a technique in computing for determining the maximum transmission unit size on the network path between two IP hosts with a view to avoiding IP fragmentation.
Path MTU discovery works by setting the DF (Don't Fragment) option bit in the IP headers of outgoing packets. Then, any device along the path whose MTU is smaller than the packet will drop it, and send back an ICMP "Datagram Too Big" message containing its MTU, allowing the source host to reduce its assumed path MTU appropriately. The process repeats until the MTU is small enough to traverse the entire path without fragmentation.
If the path MTU changes after the connection is set up and is lower than the previously determined path MTU, the first large packet will cause an ICMP error and the new, lower path MTU will be found. Conversely, if PMTUD finds that the path allows a smaller MTU than what is possilbe on the lower link, the OS will periodically reprobe to see if the path has changed and now allows larger packets. On Linux this timer is set by default to ten minutes.
[edit] Problems with PMTUD
Many "security" devices incorrectly block all ICMP messages, including the errors that are necessary for PMTUD to work. This can result in connections that complete the TCP three-way handshake correctly, but then hang when data is transferred. This state is referred to as a "black hole connection".
Some implementations of PMTUD now try to work around this by inferring that large payload packets have been dropped due to MTU rather than because of link congestion. However, in order for TCP to operate most efficiently, ICMP unreachables (type 3) should be permitted.
