On Tue, Nov 27, 2001 at 02:10:53PM -0500, Mike Frysinger wrote: vapier> i dont know about the 'performance problems' you speak of vapier> when using PPPoE + NAT ... im running 2 linux boxes as routers vapier> on verizon DSL and both get a constant 60kB (which is what vapier> the cap is for my price package). each box does NAT for vapier> 4-5 people, and each has hit 40+days of uptime w/out any vapier> 'performance problems' ... vapier> -mike
PPPoE's MTU is 1492 bytes due to the extra PPP header in the Ethernet frame. Hosts sitting behind a NAT will not know of this reduced MTU and still send IP packets that fill up the Ethernet frames up to a maximum size of 1500 bytes. (WinPoET reduces the MTU for the local machine where it is installed.) When the NAT tries to forward these packets, they will need to be fragmented at the point where they enter the PPPoE link. This causes reduced performance, and in some circumstances can cause
to be dropped on the floor. Normally, Path MTU discovery should take care of discovering the minimum MTU on the complete path from the
to the destination, but many incorrectly configured routers/firewalls on the Internet drop all ICMP traffic, causing mysterious connectivity loss to destinations behind these broken firewalls due to the failure of
doing like the Roaring Penguin's FAQ and modifying the MTU value for the packets gives me a semi 'real' connection ... of course i have to do some hacks for ident support, but other than that, just about everything has been flawless w/out 'mysterious packet droppings' well, each to their own ;) -mike ----- Original Message ----- From: "Charles R . Anderson" <cra@WPI.EDU> To: <wlug@mail.wlug.org> Sent: Tuesday, November 27, 2001 03:24 PM Subject: Re: [Wlug] Cable or Good DSL ISP's packets source the
Path MTU to work correctly.
You could work around this problem by changing the MTU on all your boxes behind the NAT/PPPoE (this involves changing a registry key on Windows), or by using a hack that "clamps" the TCP MSS (Maximum Segment Size) at the NAT. rp-pppoe, for example, has a built-in feature that does this clamping. Older pppoe packages for Linux used a kernel module called mssclampfw to do the clamping. This clamping only works for TCP, though.
If you can live with the limitations and hacks required for PPPoE and NAT, fine. I prefer a "real" connection to the internet.
-- Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/ PGP Key ID: 49BB5886 Fingerprint: EBA3 A106 7C93 FA07 8E15 3AC2 C367 A0F9 49BB 5886 _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug