PMTU-D Black Hole Detection Missing?  Cause of some conn hangs.

In looking through the kernel source, it appears that Apple has left out one of the most important parts of Path MTU Discovery (RFC1191) as suggested in RFC2923. Since Path MTU Discovery is enabled by default, this may cause some of you to have 15 minute hangs and ultimate termination of connections when large packets are sent to specific hosts.
Other than DNS and Wireless network drops, MTU settings appear to be one of the single most problematic things going on with OS X right now.
For those who are not familiar with MTU, here's a brief rundown.
10/100 Ethernet networks support a base MTU of around 1514 bytes. This is the max number of bytes that a packet is able to be in order to get put on an Ethernet network (and be within spec). Gigabit Ethernet allows for larger, but we won't go into that.
You're probably more used to hearing 1500, however, that is the MTU for IP (or the Ethernet payload) as the Ethernet header itself is 14 bytes.
In that 1500 bytes, you have to fit your IP header, ICMP/TCP/UDP header, and any higher layer protocols and data, each layering on top of the next.
|<--Ethernet (14 Bytes)--><--IP (20 Bytes)--><--TCP (20 Bytes)--><--Data (1460 Bytes)-->|
So that is how things look on a local area network.
Once the WAN comes into play, the Ethernet header is stripped off leaving only the IP packet and another header put in its place to get it over the next link. This process goes on and on and on until the packet finally reaches its destination.
But here's the problem - what if there is ANOTHER layer between the Ethernet and IP stack?
This is actually quite common and you're probably using it now. The protocol PPP over Ethernet (PPPoE) fits between the Ethernet header and the IP header and adds another 8 bytes to this packet size.
So now we end up with:
|<--Ethernet (14 Bytes)--><--PPPoE (8 Bytes)--><--IP (20 Bytes)--><--TCP (20 Bytes)--><--Data (1452 Bytes)-->|
Notice that we now can't put as much data in this packet or we'll end up with a packet that is too big to fit on the Ethernet network.
The PPPoE header will ultimately get taken off once the packet gets where it needs to go at your ISP, but there may be other 'tunnels' between you and your ultimate destination that continue to strip off space from how much data you can put into a packet.
So how do you know how much data you can put into a packet when you don't own or know anything about the network between you and the destination?
That's where Path MTU Discovery comes into play.
It used to be that IP packets would be fragmented (split up) if a packet was too big to get put on the next network. This process of fragmentation causes overhead for both the router having to split up the packets and the receiving device that has to put them all back together again (and make sure they go in the right order).
So in order to reduce this overhead and also ensure that you are always sending the largest packets possible from end to end, IP stacks started setting the 'Don't Fragment' bit in the IP header. This instructs routers to throw away the packet if it is too big when it gets there.
When the packet gets thrown away due to it being too large, the router that throws it away also sends an ICMP packet (an IP diagnostics message) back to the sender telling it what the MTU is of the interface that couldn't take the packet. The sender can then re-calculate things based on that value and resend.
This works great EXCEPT when there are firewalls in the way (or broken routers, which is less likely these days). Many firewalls will not allow these ICMP messages to go back to the sender. Therefore, your host never receives the message that it is supposed to reduce the size of the packet and keeps trying and trying for about 15 minutes until it finally dies.
This is one reason why you may be seeing long hangs that ultimately end in termination of your connection.
RFC2923 goes into some options to work past this issue.
One way that this can be done (Windows Vista, for instance, does this) is for the system to keep an eye on how many max-sized packets get retransmitted. After a certain number (let's say 5), the system assumes that it is not getting this ICMP notification and cuts the size of that packet in half so it can now get the data through - assuming that smaller packets are better than no packets getting sent.
It may also (and does with Vista) temporarily disable the setting of the 'Don't Fragment' bit and allow the routers to just take care of things. So in Vista, you'll see the page stutter for a second, and then continue to load, where an OS X system will sit there and hang for 15 minutes.
This is where OS X goes wrong. This behavior is called PMTU-D Black Hole Detection and does not appear to be in the IP stack for Leopard (and probably not previous releases).
So what can you do?
You have a few options, some of which I've already provided to a few folks (although without the mathematics so it's just a rough guess value).
First, you can just disable PMTU-D. The command to do this is:
sudo sysctl -w net.inet.tcp.pathmtudiscovery=0
This is a 'quick fix' but does eliminate the benefits that PMTU-D provides.
Second, you can calculate out what size MTU seems to work for you by working backwards and configure that on something within your control.
If your home router supports it, that's a good place to reduce the MTU since it only comes into play when you're using your Internet connection and not when hosts within the same network talk to each other. So if you place the MTU of 1472 on your router and your host sends it a 1500 byte packet, it will send back the ICMP message telling you to reduce it down to 1472.
If your router doesn't support it, you can reduce the MTU on your Mac's physical interface. This isn't always the best solution since you really should then reduce the MTU on each of your local systems or you could run into issues locally.
The command to do this is:
sudo ifconfig en1 mtu 1472
To make this permanent for Ethernet, set it in the Network settings. For Airport, search the forums. I provided an update you can make to one of the preferences files manually to do this (don't remember what file right now).
I have found a couple of sites (Washington Mutual's website for instance) that appear to have configuration issues internal to their network in which a device behind a firewall (possibly the web server, load balancer, or IPSec added) that may have an MTU less than 1500 set on it AND a firewall blocking ICMP packets from coming back. These sites will throw off your math since you can no longer assume a max size of 1500 for IP packets. In this specific case, you have to assume 1480.
Third, you can adjust the MSS setting (Max Segment Size) in the kernel to a value that is 20 bytes smaller than what you would otherwise set the MTU to. This ensures that the TCP stack doesn't put more than that amount of data in any single packet (therefore, eliminating the MTU issue), however, this will not work for UDP.
Finally, you can submit a bug report to let Apple know that PMTU-D Black Hole detection is something that we need.
So what kind of impact does this have on performance?
This will depend on what solution you choose, what the performance of your home router is, and the load on the various servers that have to potentially re-assemble the packets.
That said, knocking things all the way down to 1400 bytes, I am able to still get at least 15 Mbps up and down stream over the Internet.
If you have any questions on this post, please post and I'll do my best to respond. Hopefully this will help one more person resolve their performance issues with Leopard.
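The header arithmetic and the black-hole heuristic described above, as an added model (not code from the post or from any OS's IP stack): it computes the TCP payload budget with and without a PPPoE header, then steps a sender across a 1492-byte path once with ICMP allowed, once with ICMP filtered and the retransmit-count heuristic on, and once with it off. The threshold of 5 and the halving step follow the post's description; the 536-byte floor and the 20-attempt cap are assumptions.

```python
"""Model of PMTU-D, the PPPoE header budget and RFC 2923 black-hole probing
as described in the post. Added example; threshold/halving per the post,
the 536-byte floor and attempt cap are assumptions."""

from dataclasses import dataclass

ETHERNET_HDR = 14
PPPOE_HDR = 8
IP_HDR = 20
TCP_HDR = 20
ETHERNET_FRAME_MAX = 1514  # 1500-byte IP MTU plus the 14-byte Ethernet header


def tcp_payload_budget(tunnel_headers=()):
    """TCP data bytes that fit in one Ethernet frame once the given tunnel
    headers (e.g. PPPoE) sit between the Ethernet and IP headers."""
    return ETHERNET_FRAME_MAX - ETHERNET_HDR - sum(tunnel_headers) - IP_HDR - TCP_HDR


def ip_mtu_for(tunnel_headers=()):
    """IP MTU left on the link after the tunnel headers are inserted."""
    return ETHERNET_FRAME_MAX - ETHERNET_HDR - sum(tunnel_headers)


@dataclass
class Sender:
    """Sender-side PMTU state. With black_hole_detection=False it behaves like
    the post's description of OS X: keep retransmitting the same full-size
    segment with DF set until the connection times out."""
    mss: int = 1460
    black_hole_detection: bool = True
    threshold: int = 5          # retransmits tolerated before assuming a black hole
    dont_fragment: bool = True
    retransmits: int = 0
    floor: int = 536            # assumption: never probe below this segment size

    def on_icmp_frag_needed(self, next_hop_mtu):
        """Classic PMTU-D: a router reported its MTU, so shrink immediately."""
        self.mss = min(self.mss, next_hop_mtu - IP_HDR - TCP_HDR)
        self.retransmits = 0

    def on_retransmit(self):
        """A full-size segment was lost again and no ICMP message arrived."""
        self.retransmits += 1
        if self.black_hole_detection and self.retransmits >= self.threshold:
            # Assume the ICMP is being filtered: halve the segment and stop
            # setting DF so routers may fragment whatever is still too large.
            self.mss = max(self.floor, self.mss // 2)
            self.dont_fragment = False
            self.retransmits = 0


def simulate(path_mtu, icmp_filtered, sender, max_attempts=20):
    """Try to get one full-size segment across a path with the given IP MTU.
    Returns (delivered, attempts, final_mss, df_still_set)."""
    for attempt in range(1, max_attempts + 1):
        packet_len = sender.mss + IP_HDR + TCP_HDR
        if packet_len <= path_mtu or not sender.dont_fragment:
            return True, attempt, sender.mss, sender.dont_fragment
        # Too big with DF set: the router drops it and (maybe) sends ICMP.
        if icmp_filtered:
            sender.on_retransmit()
        else:
            sender.on_icmp_frag_needed(path_mtu)
    return False, max_attempts, sender.mss, sender.dont_fragment


if __name__ == "__main__":
    print("TCP payload on plain Ethernet:", tcp_payload_budget())         # 1460
    print("TCP payload behind PPPoE:", tcp_payload_budget([PPPOE_HDR]))  # 1452
    pppoe_mtu = ip_mtu_for([PPPOE_HDR])                                   # 1492
    print("ICMP allowed:", simulate(pppoe_mtu, False, Sender()))
    print("ICMP filtered, detection on:", simulate(pppoe_mtu, True, Sender()))
    print("ICMP filtered, detection off:",
          simulate(pppoe_mtu, True, Sender(black_hole_detection=False)))
```

The last run is the hang the post describes: with no black-hole heuristic the sender never shrinks the segment and gives up only at the attempt cap.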

Hi Karsten and thanks for the suggestion!
I have exempted internal networks and can connect them via the VPN connection. I also got connectivity to the outside world with nat (outside,outside) and 'same-security-traffic permit intra-interface'.
A question remains though. At the moment, all traffic gets out of the network through the 'outside' interface IP (.22). I'd rather use a dedicated address from the /29 on GigabitEthernet0/0. Is it possible to achieve that? To put it differently, I'd like to NAT the VPN range onto an address that is not the 'outside' interface, like I did in this statement, for instance:
nat (v200,outside) source dynamic v200_private v200_public
My other question is, whether the single NAT statement [nat (outside,outside) dynamic interface] is sufficient for VPN traffic and whether the original statement can be removed [nat (vpn,outside) source dynamic vpn_pool vpn_public].
Thanks once again for the tips!
R.
