Does anybody out there know of a Solaris kernel tweak to set/unset
the "Dont Fragment" bit in the IP header ?
I recently ran into a problem with a Solaris box -
SPARC 10 running Solaris 2.4, kernel jumbo patch 101945-10.
The problem appeared when people on remote SLIP machines dialed
in to certain ISPs were unable to load the WWW pages from the Solaris
box. A few bytes (80-120) would appear; then the connection
ground to a halt and no more data would come through (or it would
trickle through very slowly).
Removing most of the graphics from the page (it had several small
GIF and JPEG images) or tweaking the SLIP configuration a lot
(disabling MNP5 on the modems, etc) helped, but these were deemed
unacceptable solutions as the SLIP machines loaded pages from
non-Solaris machines just fine.
Further investigation with packet sniffers and such showed
a very high TCP retransmit rate. It also showed that the
Solaris box is *always* setting the "dont't fragment" bit on
The only fix I've come up with so far is to set the MTU on
the ethernet interface to 255 (tried 535 and it helped, but
255 seems to help more) and also setting "ip_path_mtu_discovery 0"
in the /dev/ip driver. I'm not certain if the latter resulted
in any measurable improvement but it didn't seem to hurt.
"showrev -p" shows the following patches have been applied:
101753-01 101829-01 101878-01 101879-01 101880-03 101902-01
101905-01 101907-02 101920-01 101921-04 101922-04 101923-03
101925-01 101933-01 101945-10 101959-02 101969-04 101975-01
101979-03 101981-01 101983-01 102001-03 102002-01 102003-01
102007-01 102011-02 102020-02 102035-01 102036-01 102037-01
102038-01 102044-01 102062-03 102079-01 102112-01 102137-01
Does anyone have any thoughts on other solutions or patches
for this problem? I've looked through the list of fixes in
101945-27 (or -29 or whatever it was) as that seemed like a
likely place to find a fix - but it doesn't seem to have
anything relevent. I don't want to apply yet another patch
unless it's fairly likely to help.
Leaving the MTU as low as it is will work but is a nasty
hack (IMO) and will probably adversely effect throughput
to the rest of the world.
BTW, this doesn't seem to be unique among Solaris machines.
I noticed that sunsite.unc.edu, which looks like it's running
Solaris, also has the DF bit set on every IP packet that I've
looked at... and the SLIP machines show the same problem when
trying to load WWW pages from that site.
Unix System/Network Admin
Laboratory for Computational Dynamics
CU - Boulder