Token Ring PMTU and FireWall-1

[roadrunner]

Token Ring PMTU and FireWall-1
(Note: the info on this page was written by Thomas Piergallini) Here is the world of Path MTU as I have gathered the info from sites around the planet. Enjoy for your reference. Ignore the references to UUNET, I mainly wrote this for sales-engineer types. The info came from the Microsoft and Raptor sites, and then I verified all of it in the lab.
If a customer's internal network is a Microsoft Windows based Token Ring or FDDI network with hosts capable of Path MTU Discovery, significant performance degradation can occur when accessing other PMTU capable sites on the internet (for a detailed explanation, see the Microsoft Technical Note below). These performance problems are most evident when utilizing HTTP to download a typical web page.

The following is the UUNET recommended solution to this problem. Note well, that this problem is not directly related to any of the firewalls that UUNET sells, although a firewall could exacerbate the problem if improperly configured.

To solve PMTU performance degradation problems, do one of the following:


{NOT RECOMMENDED} All Windows NT and Windows95 Token Ring or FDDI workstations should have PMTU disabled (not recommended) or
{RECOMMENDED} Windows workstations should configure their web browsers to point to a proxy server that has PMTU disabled. This could be a proxy server behind the firewall, or the firewall itself. Although all the firewalls that UUNET sells have a proxy server capability, we recommend using an internal proxy server, for best performance and flexibility.
See the following Tech Note from Microsoft: http://support.microsoft.com/support.../q136/9/70.asp



-- RobertGraham - 16 Mar 2004


FAQForm
FAQs.Class: TroubleshootingFAQs
FAQs.OS:
FAQs.Version: