Solaris 2.4 IP problem - DF bit always set

Solaris 2.4 IP problem - DF bit always set

Post by Robert Tarra » Fri, 08 Sep 1995 04:00:00

I recently ran into a problem with a Solaris box -
SPARC 10 running Solaris 2.4, kernel jumbo patch 101945-10.

The problem appeared when people on remote SLIP machines dialed
in to certain ISPs were unable to load the WWW pages from the Solaris
box.  A few bytes (80-120) would appear; then the connection
ground to a halt and no more data would come through (or it would
trickle through very slowly).

Removing most of the graphics from the page (it had several small
GIF and JPEG images) or tweaking the SLIP configuration a lot
(disabling MNP5 on the modems, etc) helped, but these were deemed
unacceptable solutions as the SLIP machines loaded pages from
non-Solaris machines just fine.

Further investigation with packet sniffers and such showed
a very high TCP retransmit rate.  It also showed that the
Solaris box is *always* setting the "dont't fragment" bit on
IP packets.

The only fix I've come up with so far is to set the MTU on
the ethernet interface to 255 (tried 535 and it helped, but
255 seems to help more) and also setting "ip_path_mtu_discovery 0"
in the /dev/ip driver.  I'm not certain if the latter resulted
in any measurable improvement but it didn't seem to hurt.

"showrev -p" shows the following patches have been applied:

101753-01 101829-01 101878-01 101879-01 101880-03 101902-01
101905-01 101907-02 101920-01 101921-04 101922-04 101923-03
101925-01 101933-01 101945-10 101959-02 101969-04 101975-01
101979-03 101981-01 101983-01 102001-03 102002-01 102003-01
102007-01 102011-02 102020-02 102035-01 102036-01 102037-01
102038-01 102044-01 102062-03 102079-01 102112-01 102137-01

Does anyone have any thoughts on other solutions or patches
for this problem?  I've looked through the list of fixes in
101945-27 (or -29 or whatever it was) as that seemed like a
likely place to find a fix - but it doesn't seem to have
anything relevent.  I don't want to apply yet another patch
unless it's fairly likely to help.

Leaving the MTU as low as it is will work but is a *
hack (IMO) and will probably adversely effect throughput
to the rest of the world.

BTW, this doesn't seem to be unique among Solaris machines.
I noticed that, which looks like it's running
Solaris, also has the DF bit set on every IP packet that I've
looked at... and the SLIP machines show the same problem when
trying to load WWW pages from that site.

Thanks -
                       -Robert Tarrall.-
                       Unix System/Network Admin
                       Laboratory for Computational Dynamics
                       CU - Boulder


1. Solaris 2.4 IP problem - DF bit always set

The DF bit is part of MTU discovery. It looks like your remote
slip boxes don't support it, so you should indeed unset
ip_path_mtu_discovery for the time being.

The downside is that if the slip links are at all lossy,
performance on them will be appauling, due to retransmitting
a whole IP datagram for each corruption/loss (which for NFS
could typically be 8kbytes).

In the longer term, look to moving the slip lines to something
which does support MTU discovery.


2. tar xvf not working right

3. Setting IP DF bit in Solaris 2.4

4. Dlink de250ct

5. Setting DF bit in IP header.

6. Csh problem

7. Sparc 5/Solaris 2.4 TCP/IP Problem with SL/IP connections

8. Mitsumi IDE CR-R

9. How do I set ip addess etc on solaris 2.4

10. is it possible to set IP type-of-service on Solaris 2.4?

11. My 2.4 IP always sends packets with DONT FRAGMENT

12. df incorrectly reports remaining space (Solaris 2.4)

13. ipfw (IP Firewall), proxy and IP routing on Solaris 2.4