Home page logo

nanog logo nanog mailing list archives

Re: PMTU-D: remember, your load balancer is broken
From: brandon () rd bbc co uk (BrandonButterworth)
Date: Wed, 14 Jun 2000 07:46:18 +0100 (BST)

Chances are that if you are using a load balancer for TCP connections,
then it does not properly handle Path MTU Discovery. 

Does anybody have any field experience on how much PMTU-D actually

Ours is only of the problems when it doesn't work. On the UK copy of
http://news.bbc.co.uk/ they decided to play with load balancers (you
may not have seen the effect of this as for the NY copy we said no).

After an annoying trickle of complaints of site unreachability, which
were dismissed as the net being a bit broken, we were brought in to
diagnose a high profile case that couldn't be ignored (the Director
General of the BBC (i.e. the boss) couldn't access the site as he went
through a VPN).

After a reasonably heated debate we were able almost convince them that
the load balancer/PMTU-D were the problem. I say almost as instead of
fixing the problem they swapped it for a different manufacturers box
instead (RND replaced by Cisco).

The problem isn't that they're stupid. It's hard to persuade people
convinced by the marketing to buy the $20K magic 100% uptime
box that it is the cause of 100% downtime for some. "Surely they
wouldn't sell something that broken" and "it's your net that can't
access the site that everyone else can so it is your net that's broken
isn't it" are common responses.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]