I read 5.21, but I still have connectivity problems.

I read 5.21, but I still have connectivity problems.



Solaris 2.x will still send large packets over such links but
without the don't fragment bit set. On a number of occasions, I've
come across links that don't properly handle such packets.
They're not fragmented, they're silently dropped instead.


So if the fix in 5.21 doesn't work you can resort to the
following drastic measure which negatively impacts network
performance: 




/usr/sbin/ndd -set /dev/tcp tcp_mss_max 536


536 is the standard packet size that is guaranteed to work by virtue
of the fact that most system will communicate outside the local
net with packets that big. If the connection then starts to work,
it's time to find the largest value that works.


It's also worth mentioning that the "ip_path_mtu_discovery" needs
to be applied at both sides of a connection to fully work, applied
at one side it will only affect outgoing large packets. (I.e.,
downloads from the site will succeed but uploads from a other
Solaris 2.x machine w/o the workaround applied may still fail). The
"tcp_mss_max" workaround need only be applied at one side.


If you need the "tcp_mss_max" workaround for some sites, there is a
problem on the link between you and those sites. Get it fixed.
Traceroute will tell you where the problem lies. Try traceroute
host size, for varying sizes. If traceroute without a size
parameter works, but traceroute with a size parameter of 1460 fails
at some hop, the connection between that hop and the next is
broken.




Home
FAQ