Issue with MTU size
When I decrease the MTU size on the WAN link, the firewall gives the reply "Packet needs to be fragmented but DF set."
What would be the reason for this?
C:\Users\Administrator>ping -f -l 1200 8.8.8.8 -t
Pinging 8.8.8.8 with 1200 bytes of data:
Reply from 8.8.8.8: bytes=68 (sent 1200) time=6ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 1200) time=6ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 1200) time=6ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 1200) time=6ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 1200) time=6ms TTL=117
Reply from 192.168.1.254: Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
C:\Users\Administrator>ping -f -l 1000 8.8.8.8 -t
Pinging 8.8.8.8 with 1000 bytes of data:
Reply from 8.8.8.8: bytes=68 (sent 1000) time=7ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 1000) time=6ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 1000) time=6ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 1000) time=6ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 1000) time=7ms TTL=117
Reply from 192.168.1.254: Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
C:\Users\Administrator>ping -f -l 900 8.8.8.8 -t
Reply from 8.8.8.8: bytes=68 (sent 900) time=7ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 900) time=7ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 900) time=7ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 900) time=7ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 900) time=6ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 900) time=5ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 900) time=8ms TTL=117
Reply from 8.8.8.8: bytes=68 (sent 900) time=6ms TTL=117
Reply from 192.168.1.254: Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Answers
@Chamil
This refers to a technique for using the "DF" (Don't Fragment) bit in the IP header to dynamically discover the MTU of a path. The basic idea is that a source host initially assumes that the path MTU (PMTU) is the (known) MTU of its first hop, and sends all packets on that path with the DF bit set. If any of the packets are too large to be forwarded without fragmentation by some router along the path, that router will discard them and return ICMP "destination unreachable" messages with a code meaning "fragmentation needed and DF set".
Check routing protocols and attempt to establish consistent MTUs across all common paths.
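The exchange this answer describes, as an added example that is not part of the original post: each router on a path drops an oversized DF packet and returns ICMP type 3 code 4 with its next-hop MTU (RFC 1191), and the sender lowers its estimate until the packet passes. The function names and the link MTU values used with them are assumptions made for illustration.

```python
import struct

IP_HDR, ICMP_HDR = 20, 8  # IPv4 header without options, ICMP echo header

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def frag_needed(next_hop_mtu: int, quoted: bytes) -> bytes:
    """Router side: ICMP type 3 code 4 carrying the next-hop MTU."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse_frag_needed(msg: bytes):
    """Sender side: next-hop MTU, or None if not a valid type 3 code 4."""
    if len(msg) < 8 or checksum(msg) != 0:
        return None  # truncated or corrupted message is ignored
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", msg[:8])
    return mtu if (icmp_type, code) == (3, 4) else None

def discover_pmtu(first_hop_mtu: int, link_mtus: list[int]):
    """Send DF packets at the current estimate; shrink on each ICMP error."""
    pmtu, errors = first_hop_mtu, []
    while True:
        # Start of the dropped datagram's IP header: total length, DF (0x4000)
        quoted = struct.pack("!BBHHH", 0x45, 0, pmtu, 0, 0x4000)
        # The first link in path order that is too small drops the packet
        blocker = next((m for m in link_mtus if m < pmtu), None)
        if blocker is None:
            return pmtu, errors
        pmtu = parse_frag_needed(frag_needed(blocker, quoted))
        errors.append(pmtu)

def max_ping_payload(pmtu: int) -> int:
    """Largest `ping -f -l` size that fits in one unfragmented packet."""
    return pmtu - IP_HDR - ICMP_HDR

if __name__ == "__main__":
    # Constructed path: LAN 1500, tunnel 1400, WAN link lowered to 1200
    pmtu, errors = discover_pmtu(1500, [1500, 1400, 1200])
    print(pmtu, errors, max_ping_payload(pmtu))
```

The `-l` value in `ping -f -l` is the ICMP payload only, so the largest size that passes is the path MTU minus 28 bytes of IP and ICMP headers.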