Windows 2008R2 MTU reverts to default
Enno Rey
erey at ernw.de
Tue Jun 11 07:29:43 CEST 2013
Hi,
On Mon, Jun 10, 2013 at 10:59:21PM +0200, Dick Visser wrote:
> On 10 June 2013 22:48, Phil Pennock <ipv6-ops+phil at spodhuis.org> wrote:
> > On 2013-06-10 at 14:57 +0200, Dick Visser wrote:
> >> This works for a while, but after a minute or so it changes back to the default:
> >
> >> Any ideas what might be causing this?
> >
> > A thought, so only qualifies as "might", I don't know Windows to speak
> > definitively, but ... IPv6 NDP Route Advertisement with the MTU option?
> >
> > Windows then updating the manually-configured value based upon learnt
> > values on the wire?
>
> Yup, this was the case. I watched it continuously, and when an RA came
> in, it overwrote the manually configured MTU.
> Next question: how do I prevent that from happening?
two things come to mind:
a) as already stated by Christopher: by deactivating the processing of RAs on the Windows systems in question.
It should be noted that this is a severe "deviation from default" (see https://www.troopers.de/wp-content/uploads/2013/01/TROOPERS13-Design+Configuration_of_IPv6_Segments_with_High_Security_Requirements-Enno_Rey.pdf for the term) and hence in general we don't like or recommend that approach.
b) (much better): have the router advertise the lower MTU you want to use in the RAs by just setting a lower MTU on the (router) interfaces in question.
See also: http://blog.ioshints.info/2013/01/mtu-issues-and-tcp-mss-clamping-in.html
best
Enno
>
>
> --
> Dick Visser
> System & Networking Engineer
> TERENA Secretariat
> Singel 468 D, 1017 AW Amsterdam
> The Netherlands
--
Enno Rey
ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 174 3082474
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1
Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey
=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
=======================================================
More information about the ipv6-ops
mailing list