Solved

Internet Web Server - What is the optimized MTU?

Posted on 2002-03-04
Last Modified: 2013-11-29

Hi,

I have a Linux Web Server in a hosting facility connected to the Internet on multiple T1/E1 leased lines. I was reading about MTU / MSS and fragmentation, etc.

Since my web server services all types of clients on the net, e.g. dial-ups, ISDNs, DSLs, corporate LANs, etc., wouldn't the default Ethernet MTU of 1500 bytes cause datagrams to be fragmented when the IP datagrams are delivered to e.g. dial-up clients with MTU of 576 bytes?
This would result in slower delivery, but if the Don't Fragment (DF) flag was instead checked, it would also cause problems if the ICMP packets could not make it back to the server?

How is this handled in the "real-world" Internet?
And what is the optimized settings for the MTU of my web server..??

Please advise... Thxs

Question by:thiamwah
8 Comments
 
LVL 5

Accepted Solution

by:
n0thing earned 100 total points
I would suggest you just leave the default MTU of 1500 alone. Since you're serving many different clients, changing the default MTU will affect many more clients on faster connections, and reducing it won't help the clients on dialup connections either. The IP stacks of the clients connecting to your server will auto-negotiate the Windows size (MTU) depending on his connection, so you don't have to worry about that.



 
LVL 8

Expert Comment

by:scraig84
I have never personally configured it, but I know that many web site administrators use path MTU.  This is a method of determining the largest MTU in the path from server to client by sending out the first packet with a large size and the DF bit set.  Any devices in the path with smaller MTU will respond via ICMP and tell the server what size it can handle.  The server can then send at the optimum size for the path.

I will say though that this opens up a large can of worms, as some ICMP packets will get blocked by customer firewalls and you will need to open up certain ICMP types to your web server through your firewall.  Many times, this will cause failed sessions and irate customers.  However it is still used fairly often these days.

Other than that, I would stick with 1500.
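
The path MTU discovery behaviour described in the comment above, and the failure it warns about when the ICMP replies are filtered, as an added simulation that is not part of the original thread. The link MTUs and the function names are constructed for illustration.

```python
# Added illustration: RFC 1191 path MTU discovery over a constructed path.
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options


def mss_for(mtu):
    """TCP MSS that fits in one unfragmented packet of the given MTU."""
    return mtu - IP_TCP_HEADERS


def discover_path_mtu(local_mtu, hop_mtus, icmp_filtered=(), max_tries=8):
    """Simulate a sender that sets DF on every packet.

    hop_mtus      -- MTU of each link between server and client (constructed)
    icmp_filtered -- indexes of hops whose ICMP "fragmentation needed"
                     (type 3, code 4) replies never reach the server
    Returns (path_mtu, tries); path_mtu is None when full-size packets
    are silently dropped and the sender never learns why (a black hole).
    """
    size = local_mtu
    for tries in range(1, max_tries + 1):
        # First link too small for the packet; the router there drops it.
        blocked = next((i for i, m in enumerate(hop_mtus) if m < size), None)
        if blocked is None:
            return size, tries          # packet arrived unfragmented
        if blocked in icmp_filtered:
            continue                    # error lost: same size is retried
        size = hop_mtus[blocked]        # ICMP reply carries the next-hop MTU
    return None, max_tries


if __name__ == "__main__":
    path = [1500, 1492, 576]            # constructed: Ethernet, PPPoE, dial-up
    for label, kwargs in [
        ("ICMP allowed", {}),
        ("ICMP from last hop filtered", {"icmp_filtered": {2}}),
    ]:
        pmtu, tries = discover_path_mtu(1500, path, **kwargs)
        mss = mss_for(pmtu) if pmtu else None
        print(f"{label}: path MTU={pmtu} MSS={mss} after {tries} tries")
```

The second case is the failed-session symptom: small packets still get through, so the connection opens and then stalls on the first full-size segment unless ICMP type 3 code 4 is allowed back to the server.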
 
LVL 24

Expert Comment

by:SunBow
I'll go along with the use of default, to keep it simple. Unless you know otherwise for specific platforms.

I want to believe either highest or lowest value can add value, depending on environment, and that the parameter max ought to be a little higher than most set it, but it depends on vendor, mixture, and whether or not headers are counted.

But real world not that way. I've seen where people have reconfigured their client's MTU to reduce jobs from hours to minutes, one going higher, another lower. Go figure. Any case, it is one of those tuning things that it helps to experience first hand. One hopes default accounts for that.

A related client example is that at least one shrinkwrap vendor for remote management had one version tuned quite well for a Netware environment, but it was slow for their TCP/IP upgrade, so they changed the parameter (impacting Netware).

What you may want to check out if curious is MTU for token Ring vs ethernet. Most now use the ethernet max (lower). MSS is typically MTU minus TCP&IP 40 byte header. Connections are further discussed in RFC 1191. Many find easier reading, in general, through certain publishers like O'Reilly and New Riders.

The tuning game of parameters can vary based on servers, platforms and router capability. Older systems are more likely to provide better performance with the lower values than newer systems.

> dial-up clients with MTU of 576 bytes ?

What if.. WAN has MTU at 520 (with 500 data)? IP spec is 576 min datagram. Since size can be negotiable, rule of thumb is that the better overall is highest value that is permitted for most of the paths.

On significance, we had server moved to route via gigabit, a dramatic speed increase. Application that had taken minutes began to take hours. Adjusting MTU in Windoze restored the response time for the application. So you are correct in assuming the parameters can impact performance.

IMO, best overall is to go with defaults like this unless you know otherwise. You can always set up tests of alternatives, for specific situations, and reconfigure accordingly. Generally, it runs better at higher values, and better at values that are set the same for the most communicators.
 
LVL 24

Expert Comment

by:SunBow
> And what is the optimized settings for the MTU of my web server..??

Interesting side question... for those with many servers, and load balancing implemented, would they try to specialize by having tuned one server with one MTU, another with another...

Author Comment

by:thiamwah
>>
I have never personally configured it, but I know that many web site administrators use path MTU. This is a method of determining the largest MTU ...
>>

I read up on Path MTU. Pretty cool :)
Is path MTU negotiated for every Internet client that attempts to connect to my server ? Wouldn't that add quite a bit of overhead to the whole process..??

 
LVL 16

Expert Comment

by:SteveJ
No, Path MTU is -- right or wrong -- considered to be a security problem on the internet and it may or may not help you because all routers between you and the requestor would need to be configured to support it and I can pretty much guarantee that they won't.

As sunbow points out, you can dramatically alter performance using this parameter under certain conditions. But GENERALLY those "conditions" don't exist in a public network . . . conditions such as predictability of packet size (for example if 99.9% of the volume of your traffic was in 128byte chunks -- like my network -- altering MTU would have no effect. On the other hand if you have lots of huge web pages to dump to the internet, you'd see performance improvements with larger packet sizes. But this is so general that it's almost useless.

Lots of serious people put protocol analyzers at different points in their network to determine just what the packet size mix actually is and then adjust the MTU accordingly.

Ethernet default MTU is 1500 bytes on most operating systems including NT. One interesting fact is that NT uses a default MTU of 576 bytes if the destination network is different from the source network. In other words when I FTP a file from 10.1.1.1 to 10.1.1.2 an MTU of 1500 bytes is used. When I FTP a file from 10.1.1.1 to 192.168.1.2 the MTU gets set to 576 bytes because Microsoft decided that if you are doing something like this you must be traversing the internet and they want to be good internet non-packet-fragmenting neighbors. But if 10.1.1.1 is on a 100mbit network segment attached to a router with an ATM card with a network address of 192.168.1.1 then a 576 byte MTU is pretty inefficient . . . for FTP anyway.

Good luck.
Steve
 
LVL 16

Expert Comment

by:SteveJ
"No" is my answer to your question about whether every connection inbound on your server does path MTU discovery. And MTU is NOT negotiated, path MTU simply reports back to the originator what the smallest MTU for the path is and your machine sets MTU for that value . . . I suppose that is technically some form of negotiation . . . But negotiation to me means that all parties involved agree on a value, whereas path MTU discovery simply finds out what's there and reports back.

Steve
 
LVL 24

Expert Comment

by:SunBow
[closed mar 6th]