[ale] SSH Cisco Networking Issue

Michael H. Warfield mhw at WittsEnd.com
Tue Sep 28 09:41:32 EDT 2010 

On Tue, 2010-09-28 at 08:32 -0400, Michael H. Warfield wrote: 
> On Tue, 2010-09-28 at 05:30 -0400, Paul Cartwright wrote: 
> > On Mon September 27 2010, Michael H. Warfield wrote:
> > > You MIGHT try "ping -M do -s 1500 host" and see if it breaks.  The "-M
> > > do" says do prohibit fragmentation (don't ask - I don't know why it's
> > > that way) and the -s 1500 sets the packet size.  Back it down till it
> > > works.  If it does, you have your smoking gun.  Still, I'm not sure I
> > > can guarantee the test.
> 
> > so, I am an atnex.net customer, and I tried that with this line:
> > ping -M do -s 1460 atnex.net
> > PING atnex.net (208.65.89.2) 1460(1488) bytes of data.
> > 1468 bytes from www.atnex.net (208.65.89.2): icmp_seq=1 ttl=124 time=51.4 ms
> > 1468 bytes from autodiscover.atnex.net (208.65.89.2): icmp_seq=2 ttl=124 
> > time=50.5 ms
> > <SNIP>
> 
> > --- atnex.net ping statistics ---
> > 7 packets transmitted, 7 received, 0% packet loss, time 6022ms
> > rtt min/avg/max/mdev = 50.198/50.853/51.470/0.446 ms
> 
> > with anything higher I got this:
> > From paulandcilla.homelinux.org (192.168.10.2) icmp_seq=2 Frag needed and DF 
> > set (mtu = 1492)
> > ^Cndcilla.homelinux.org (192.168.10.2) icmp_seq=2 Frag needed and DF set (mtu 
> > = 1492)
> 
> > --- atnex.net ping statistics ---
> > 1 packets transmitted, 0 received, +3908 errors, 100% packet loss, time 2459ms
> 
> > so should I set my router to 1460? I had always used 1492, but I really can't 
> > remember why!
> 
> 1) That -s is the payload size.  Don't forget the size of the smtp
Sometimes I have got to stop multitasking...                icmp^^^^

> header in there.  I really shouldn't have written -s 1500 but I was
> typing fast and wasn't thinking.
> 
> 2) You are getting "Frag needed and DF set" so PMTU discovery should
> work properly and you don't need to artificially reduce your MTU
> anyways.
> 
> The time you would need to fine tune the MTU is if you were getting
> timeouts.  Both the cases you described above, everything is working
> fine.  Leave it alone.
> 
> Regards,
> Mike

Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20100928/7f94faf0/attachment.bin

More information about the Ale mailing list