5
votes

I'm doing some experiments with path MTU discovery in Linux. As far as I understood from RFC 1191, if a router receives a packet with non-zero DF bit and the packet can't be sent to the next host without fragmentation, then the router should drop the packet and send ICMP message to the initial sender.

I've created several VM on my computer and linked them in the following manner:

VM1 (192.168.100.2)

R1  (192.168.100.1, 
     192.168.150.1)

R2  (192.168.150.2, 
     192.168.200.1)

VM2 (192.168.200.2)

Rx - are virtual machines with Linux installed, they have two network interfaces with a static route. Pinging V2 from V1 and vice versa is successful.

traceroute from 192.168.100.2 to 192.168.200.2 (192.168.200.2)
 1  192.168.100.1 (192.168.100.1)  0.437 ms  0.310 ms  0.312 ms
 2  192.168.150.2 (192.168.150.2)  2.351 ms  2.156 ms  1.989 ms
 3  192.168.200.2 (192.168.200.2)  43.649 ms  43.418 ms  43.244 ms

tracepath 192.168.200.2
 1:  ubuntu-VirtualBox.local                               0.211ms pmtu 1500
 1:  192.168.100.1                                         0.543ms 
 1:  192.168.100.1                                         0.546ms 
 2:  192.168.150.2                                         0.971ms 
 3:  192.168.150.2                                         1.143ms pmtu 750
 3:  192.168.200.2                                         1.059ms reached

Segments 100.x and 150.x have MTU 1500. Segment 200.x has MTU 750.

I'm trying to send UDP packets with DF enabled. The fact is the VM1 doesn't send the packet at all in case of the packet's size greater than 750 (I receive EMSGSIZE error for send() invocation).

However I expect such behavior for packets which size is more than 1500. And I expect that the VM1 sends packets which size is between 750 and 1500 to the R1, and the R1 (or R2) drops such packets and returns ICMP packet to the VM1. But this doesn't happen.

There are two questions:

1) Why?

2) Is it possible to set up my virtual network to receive ICMP packets in according to RFC 1191?

Thanks.

2

2 Answers

8
votes

Its possible that VM1 has cached PMTU information. By default the timeout for these cache entries is 10 minutes. You can change the timeout by writing to /proc/sys/net/ipv4/route/mtu_expires (seconds).

For your experiment, try flushing the cache (deleting PMTU cache) before sending out 1500 byte packets:

echo "0" > /proc/sys/net/ipv4/route/flush 

You'll receive a ICMP fragmentation needed message which would again populate a PMTU entry for this destination! So you'll need to keep flushing this cache before retrying the experiment.

0
votes

Encountered the same problem when use ping6, because /proc/sys/net/ipv6/conf/default/mtu is 1280. And /proc/sys/net/ipv4/route/min_pmtu is 552 by default.

So you can modify the value inside. And you can use -M option. you will not receive EMSGSIZE error.

-M pmtudisc_opt
          Select  Path MTU Discovery strategy.  pmtudisc_option may be 
           either do (prohibit fragmentation, even local one), want (do 
           PMTU discovery, fragment locally when packet size
           is large), or dont (do not set DF flag).