After my ISP upgrade their backbone to MPLS we have a internet brower issue wide across my LAN. Some PCs can not brower internet, but some PCs in the same segment can!!!
I do a NAM trace found a HTTP error
" IP packet size limited during capture: HTTP truncated".
Later we tried decrease local pc MTU to 500 it works, they can brower the site which do not open previouly. But still the problems is some PCs local MTU setting is 1300 is working fine ???!!
I really confused?? Is it a MPLS issue or it is my local router setting? Since I have not make any change on my site recently?
Need your help.
MTU on Ethernet interfaces should be increased to 1500 + 4 for each MPLS label. Usually 1512 should be fine.
Some web sites might be protected with firewalls which set DF flag and do not allow fragmentation.
Try to do an extended ping with sweep size from a router towards Internet to probe what is the maximum allowed MTU in your network.
The proper approach in a MPLS network is to adjust interface MTUs to allow for the additional label overhead as described in the previous post.
A second approach for TCP is to use the "ip tcp adjust-mss
Hope this helps! Please rate all posts.
Thanks for reply.
This command resoved my problem"ip tcp adjust-mss 1400" .
I do some test this morning and found the maxmim MTU a PCs is 1480 and if I set higher like 1490 is do not work.
I want to know is any configure on MPLS network related to this setting ??? Before I call my ISP I need confirm this
There are two settings:
1. You can set up MTU on an interface and all packets will have increased MTU.
2. Use MPLS MTU thus only MPLS packets will have a higher MTU.
Anyway in MPLS enabled network you should always increase MTU on switches. I heard about a similar case when sobe web sites were unreachable and adjusting MTU was a solution.
An additional question is how this MPLS network is bult? Are there any pseudo-wire links?
Usually an ISP sets up his network to deliver 1500 Bytes as MTU for customers end-to-end. You can find the restricting part of the network by using pings with DF bit set to various destinations. Example: ping from a workstation to your local CE and check MTU, then ping to remote CE with same settings or ping CE to CE. If inside your network 1500 bytes are ok, but f.e. CE to CE fails, you should contact your ISP with your results.
Be aware, that on MS workstations the command should look like "ping -f -l 1472
Hope this helps!
I work for an ISP we did the same thing as your ISP, implemented MPLS on the network and some of our customer started experiencing the same problem as you described. Am trying to simulate the problem by connecting a PC to our MPLS lab but failed to do so. Even after changing the MTU size on my PC to 1500 i cann't simulate the problem. Any suggestion
why this is working. Your suggestion will be much appreciated
When there are MTU issues, the reason why some machines will have access and not others are severals.
- The OS version: newer OSes have the tcp pmtu discovery on by default
- The best way to do a test for MTU issues is with pings and the DF bit set up (with the -f in Windows or "-M do" in *nix)
You can use the "ip tcp adjust-mss
There are numerous discussions and examples on why not to accept MTU < 1500 for an enterprise. Most people can live with micro MTUs and most of us do (i.e. in our broadband connections).
Each time you have to encapsulate your traffic (i.e. MPLS, GRE, IPSec, L2TP) you will be forced to reduce the effective MTU. Now, if you, as an enterprise, have an MTU < 1500, you will start subtracting from it and the smaller the MTU the grater the overhead in bulk transfers. It is quite complicated to explain, but you will be experiencing and effective bandwidth loss for your bulk transmissions. (See NANOG discussions in this issue as well as numerous reports in ACM/IEEE Transaction of Networking)
Finally, since not all third party devices support the MSS adjustment, the carrier will be forcing some customer to upgrade their infrastructure. Not everyone will have the means to upgrade their infrastructure because the carrier decides to change something.
Hope this give you some ideas.
Thanks for your reply its much appreciated. When i simulated the environment i disabled the tcp pmtu discovery on the server and host. Even after then the client managed to transfer files via the mpls cloud. I believe when you disable the pmtu discovery the MSS is adjusted to an minimum value (mss 540), this is why the client can transfer file via mpls network without packets getting dropped. As you have mentioned some third party devices does not support the mss adjustment. This may be why some clients were experiencing the problem as they were sending packets too large for the network to send without fragmentation. William do you know of any way of adjusting the MSS on a client so that i can simulate the problem. It seems like on windows MSS is based on the mtu size on the NIC.
You may try Dr.TCP, if I'm not wrong it has a way to setup the MSS and other parameters on Windows machines.
There is a tool named mtutrace (or tracemtu) which is also good for troubleshooting MTU issues from Windows machines. (I don't use Windows so I don't have these tools with me, but you can Google for them.)