Re: Strange WAN disconnects

rhltechie · ‎06-01-2006

Hi All,

Have a citrix disconnect problem as described in the following article:

http://support.citrix.com/article/CTX104945&searchID=-1

one of the solutions is:

"Configure the routers to send more ICMP 3 Mode 4 packets back to the MetaFrame server to force it to reduce the MTU."

Does this make any sense to anyone?

TIA,

R

gpulos · ‎06-01-2006

what they're saying is that for this application, if an ICMP 3 mode 4 comes through with MTU size information for the sender to use, then the sender is to adjust his MTU for subsequent transmissions of the same session and keep it that way.

the problem is that the application does not seem to be able to always keep the MTU sent by ICMP during the first connection attempt (the router is supposed to tell the application to scale back), so they suggest resending ICMP with the MTU size needed to get their application to scale its MTU size back down.

this problem only occurs with this application due to IPSEC encryption. the MTU should be reduced in an IPSEC connection to permit adding the encryption.

they state that a registry key change on the application server is required to allieviate the problem: (adjust for required MTU length)

HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\Wds\icawd\MaxICAPacketLength

rhltechie · ‎06-01-2006

ok, thats makes some sense. but how exactly would you "make" your router comply with this?

gpulos · ‎06-01-2006

try to reduce the MTU length via the registry key edit that is recommended by citrix:

HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\Wds\icawd\MaxICAPacketLength

rhltechie · ‎06-01-2006

Hmm, i suppose so. The link made it sound like there was something additional you could do only on the router to help this issue.

Richard Burts · ‎06-01-2006

Ro

You might try configuring ip tcp adjust-mss on the LAN interface of the router to specify a smaller segment size. You might need to experiment a bit to find the optimum size (I have had good success with 1375).

Try it and let us know if it helps.

HTH

Rick

HTH

Rick

rhltechie · ‎06-01-2006

thanks for your reply. will making this change affect other apps negatively?

sundar.palaniappan · ‎06-01-2006

I agree with Rick on that. I have had good success with a MSS of 1400. To the best of my knowlege, this shouldn't impact other applications. What this command does is the router transparently lowers the MSS during TCP negotiation process between the client and server to a value you specify. This is a great command to rule out any MTU problems on the traffic path.

HTH,

Sundar

*Please rate all helpful posts.

Richard Burts · ‎06-01-2006

Ro

I would not expect any negative impact from implementing ip tcp adjust-mss. Like Sundar I have used this in quite a number of situations and I have not yet encountered any negative outcome from using this.

As Sundar explains this function affects the TCP negotiation of new sessions. So any session already established when you do this will not be affected. Any new session will negotiate a segment size no larger than what you have configured (it looks to the end station like the remote station has requested the segment size). I do not see any negative impact from doing this and it may help solve your issue.

HTH

Rick

HTH

Rick