Can't browse without the command "ip tcp adjust-mss 1452"

mmendis
Level 1

Hi All,

We have an ASR 1001 router which is directly connected to the upstream provider. A few weeks back my service provider changed their end router to an ASR 9000 series router. Since then we can't browse some sites such as www.yahoo.com, login.yahoo.com without the command ip tcp adjust-mss 1452 on the WAN side interface.

Can anyone explain why this happened?


amabdelh
Level 1

This command is very helpful when there is an MTU issue in the packet path. It sets the maximum segment size so there will be no need to fragment the packet.

You can test the connection without this command by sending an ICMP packet with a packet size of more than 1452 + TCP header + IP header + L2 header, and set the DF bit; you will notice the ping is not successful.

Regards

Please rate if this is helpful

Hi,

I assume you already know about MTU, MSS, PMTUD etc.

If not, you will find some useful information in the document Resolve IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC

The value of 1452 is interesting. TCP end stations calculate the MSS from their local interface MTU value (normally 1500 bytes) and negotiate an MSS which is admissible for both end stations' interfaces (normally 1460 bytes). So we can assume that in the end-to-end path we have somewhere an interface "eating up" 8 bytes of MTU.

I suspect this is an MPLS interface (4 bytes per label), perhaps you could inquire with your SP?

[EDIT]: ... more likely PPPoE, as stated by Joseph.

Hope that helps

Rolf

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

That would often be indicative of PPPoE, where some device isn't fragmenting packets or telling other devices (if PMTUD is active) that the max MTU is 1492.

mmendis
Level 1

Thanks Amjad, Rolf and Doherty.

Please refer to the attachment also, which shows my basic network setup.

*According to my SP, they have connected a laptop directly to their service provider router and they confirmed that they can access the sites I have mentioned.

*I don't think there's an MPLS interface in between on our uplink; even if there's an interface, can I find out without enquiring with my SP?

*There was no issue until they changed their end router. Can someone please tell me how to troubleshoot this issue?

There is a handy command line tool for Windows called mturoute (set the -t option) to find the device and interface (IP-address) with the lower MTU.

Thanks a lot Rolf, very useful tool.

*I have observed the following.

++ output via not working ISP ++

D:\>mturoute -t -x www.yahoo.com

mturoute to [redacted], 30 hops max, variable sized packets

* ICMP Fragmentation is not permitted. *

* Speed optimization is enabled. *

* Maximum payload is 10000 bytes. *

1  +-  host: a.a.a.a  max: 1500 bytes   ===> My GW Router

2  +-  host: b.b.b.b  max: 1500 bytes  ===> Up Stream provider WAN IP

3  +-  host: c.c.c.c  max: 1500 bytes ====> Up Stream provider IP

4  ...-+++++++++.-++  host: d.d.d.d  max: 1496 bytes

5  +.-  host: e.e.e.e  max: 1496 bytes ====> Yahoo IP

6  +.-  host: f.f.f.f  max: 1496 bytes

*6 (An additional device responded for f.f.f.f)

7  ++--+---+++-+++-  host: g.g.g.g  max: 1500 bytes

*7 (An additional device responded for g.g.g.g)

*7 (An additional device responded for g.g.g.g)

8  +-  host: h.h.h.h  max: 1500 bytes

*8 (An additional device responded for h.h.h.h)

*8 (An additional device responded for h.h.h.h)

9  +-  host: i.i.i.i  max: 1500 bytes

10  +-  host: j.j.j.j  max: 1500 bytes

++ output via a working ISP ++

E:\>mturoute -x -t www.yahoo.com

mturoute to [redacted], 30 hops max, variable sized packets

* ICMP Fragmentation is not permitted. *

* Speed optimization is enabled. *

* Maximum payload is 10000 bytes. *

1  +-  host: a.a.a.a  max: 1500 bytes

2  .+-  host: b.b.b.b  max: 1500 bytes

3  +-  host: c.c.c.c  max: 1500 bytes

4  +-  host: d.d.d.d  max: 1500 bytes

5  +-  host: e.e.e.e  max: 1500 bytes

6  +-  host: f.f.f.f  max: 1500 bytes

7  +-  host: g.g.g.g  max: 1500 bytes

*7 (An additional device responded for g.g.g.g)

*7 (An additional device responded for g.g.g.g)

8  +-  host: h.h.h.h  max: 1500 bytes

*8 (An additional device responded for h.h.h.h)

*8 (An additional device responded for h.h.h.h)

9  +-  host: i.i.i.i  max: 1500 bytes

*9 (An additional device responded for i.i.i.i)

10  +-  host: j.j.j.j  max: 1500 bytes

*10 (An additional device responded for j.j.j.j)

11  +-  host: k.k.k.k  max: 1500 bytes

*11 (An additional device responded for k.k.k.k)

12  +-  host: l.l.l.l  max: 1500 bytes

Can anyone please explain why there are only 4 bytes missing?
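Added example, not part of the original thread or any poster's code: a Python parser for the mturoute -t output shown in the post above that finds the first hop reporting less than 1500 bytes and derives the largest TCP MSS that fits the path. It assumes IPv4 and TCP headers without options (40 bytes in total); the function names are illustrative.

```python
import re

# Hop line of `mturoute -t`, e.g. "4  ...-++.-++  host: d.d.d.d  max: 1496 bytes"
HOP_RE = re.compile(r"^\s*(\d+)\s+[.+\-]+\s+host:\s*(\S+)\s+max:\s*(\d+)\s+bytes")
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options (assumption)

# Lines copied from the "not working ISP" output above (placeholder addresses as posted).
SAMPLE = """\
* ICMP Fragmentation is not permitted. *
1  +-  host: a.a.a.a  max: 1500 bytes   ===> My GW Router
2  +-  host: b.b.b.b  max: 1500 bytes  ===> Up Stream provider WAN IP
3  +-  host: c.c.c.c  max: 1500 bytes ====> Up Stream provider IP
4  ...-+++++++++.-++  host: d.d.d.d  max: 1496 bytes
5  +.-  host: e.e.e.e  max: 1496 bytes ====> Yahoo IP
6  +.-  host: f.f.f.f  max: 1496 bytes
*6 (An additional device responded for f.f.f.f)
7  ++--+---+++-+++-  host: g.g.g.g  max: 1500 bytes
"""


def parse_hops(output):
    """Return [(hop, host, max_bytes), ...]; banner and '*N (...)' lines are skipped."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return hops


def analyse(output, local_mtu=1500):
    """Find the first hop reporting less than local_mtu and the largest safe TCP MSS."""
    hops = parse_hops(output)
    if not hops:
        raise ValueError("no hop lines found in mturoute output")
    path_mtu = min([local_mtu] + [size for _, _, size in hops])
    first_drop = next((h for h in hops if h[2] < local_mtu), None)
    return {
        "path_mtu": path_mtu,
        "first_drop": first_drop,            # None when every hop passes local_mtu
        "overhead": local_mtu - path_mtu,    # bytes lost to encapsulation on the path
        "max_safe_mss": path_mtu - IP_TCP_HEADERS,
    }


def clamp_is_sufficient(configured_mss, analysis):
    """True when an `ip tcp adjust-mss` value keeps segments within the path MTU."""
    return configured_mss <= analysis["max_safe_mss"]
```

On the posted output this reports the first reduction at hop 4, and the configured clamp of 1452 sits inside the measured limit.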

4 bytes? A VPN label will add 4 bytes; also, a VLAN tag will add an extra 4 bytes to the frame. This is something you can't change; your ISP will change it if he is okay with that, otherwise use the mss tcp adjust command as a workaround.

Thanks for the reply Amjad.

Recently I found out that this issue is only with a few of my IP ranges. I have done the same test with a totally different IP block and the results are as expected (no deduction in MTU size).

How can this MTU issue be related to certain IP blocks?

Anyway, my ISP is also checking on this issue. So far they haven't come up with any solution.

Adding to the above, is it wise to use the TCP ADJUST command on my WAN interface as a permanent solution?

Usually, ISPs have redundant links and use something called ECMP, "Equal Cost Multi-Path". Based on the header of the frame, the packet will be switched to one of these paths. For example, in an IP network, this will depend on the source and destination IP address, and in an L2 VPN it will use the top and bottom label.

And regarding the TCP adjust command, I would recommend keeping it in there; this will keep you connected even if something wrong happens at your ISP side.


Amjad Abdelhalim wrote:

4 bytes? A VPN label will add 4 bytes; also, a VLAN tag will add an extra 4 bytes to the frame. This is something you can't change; your ISP will change it if he is okay with that, otherwise use the mss tcp adjust command as a workaround.

The 4 bytes could also be an MPLS label (which is what Amjad might also mean).

This might be as simple as forgetting to configure an interface as MPLS. Bumped into this years ago with one of our service providers using MPLS under the covers.

It might also explain why it doesn't work to only some destinations - i.e. they need to cross that particular provider's interface.
