Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3835
Views
5
Helpful
5
Replies

Fragmentation required

ubu3389
Level 1
Level 1

‎02-28-2020 05:30 AM

Hi all,

Do you have any idea of why I get this "fragmentation required" messages when I try a simple traceroute?

fragmentation required, trying new MTU = 1492
 9  *  14 ms
fragmentation required, trying new MTU = 1480
 9  *  14 ms
fragmentation required, trying new MTU = 1472
 9  *  14 ms
fragmentation required, trying new MTU = 1006
 9  * *

I think that this issue is slowing down my throughput. Between the two machines I have a firewall and a VPN.

 

Any thought or idea could be useful for me,

thanks :)

 

Labels:
0 Helpful
5 Replies 5

Seb Rupik
VIP Alumni
VIP Alumni

‎02-28-2020 12:22 PM

Hi there,

This looks like a form of PMTUD. When a Layer3 devices receives a packet with the DF bit set that it cannot forward it will send an ICMP message back to the source telling it that fragmentation is needed. Crucially this ICMP message includes the required MTU size.

Your output looks like the sender is receiving the ICMP message, ignoring the suggested MTU and then slowly decrementing the MTU of the packet until it finds one that works.

Strange behaviour, but at least it works! Out of interest what device/ OS is the source of the traceroute?

 

cheers,

Seb.

0 Helpful

ubu3389
Level 1
Level 1
In response to Seb Rupik

‎02-28-2020 01:53 PM

Hi,

Thank you for your kind replay :)

 

The source of the traceroute is an AIX and the destination is a Linux. As i said, between them there's a VPN and it looks like the gateway is asking me for fragmentation. I tried with many others AIX and I still get the same issue.

Do you think that this may be the cause of my really low throughput (around 2 MB/s)? Because it seems like at the end the sender agrees to transmit with an MTU of 1006. I made some tcpdump seen from the AIX source and I found a lot of Duplicate Ack (along with other stuff). How can I cope this problem?

Thank you for your time and answer, I really appreciated :)

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to ubu3389

‎02-28-2020 02:21 PM

The VPN will normally add some overhead which will reduce the the possible MSS on the path, but an negotiated MTU of 1006 seems a little low!

Are you able to confirm that the AIX actually transmits using an MTU of 1006? If it doesn't and then continues using a value of say 1500, then at some point the packets will be fragmented and the receiving device will then have to reassemble them. Fragmentation can cause problems especially on congested links where the trailing fragments may be dropped requiring the entire packet to transmitted (and fragmented all over again). This process will adversely effect your throughput.

 

You may want to look at using ip mss-adjust along the path to control packet size by modifying the TCP handshake values.

 

cheers,

Seb.

ubu3389
Level 1
Level 1
In response to Seb Rupik

‎02-29-2020 07:02 AM

Hello again,

well, actually I'm not able to say that AIX is transmitting using an MTU of 1006. I supposed it. But, from what I have seen from the dumps, AIX is surely using and sending largesend packets with DF bit on (https://www.ibm.com/support/pages/what-difference-between-largesend-and-jumbo-frame).

This is a dump seen from the AIX: tcpdump_from_AIX_to_Linux 

Unfortunately I'm not really good in network analysing :(

 

Thanks again,

ubu

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to ubu3389

‎03-30-2020 06:49 AM

Hello again,

This packet capture just shows encrypted traffic, it is not possible to diagnose the problem.

 

Is it possible to get the unencrypted traffic between the hosts?

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card