Everytime I study MTU, I seem to get it and then I do work in real life and it confuses me. I had an issue the other day and wanted to check my theory.
I had a firewall that we could not browse to via HTTPs. When doing a packet capture and troubleshooting we saw the following -
- Successful 3 Way Handshake
- TLS CLient Hello
- On the response Server Hello, Certificate we saw a packet that was 1512 in length, although the MTU of the link is 1500 and the MSS negotiated in the handshake was 1460.
- When we lowered the MTU to 1400 on the Management Interface we then saw the MSS negotiated to 1360
- After 1360 the connection was successful
So, when the packet was 1512, why was it not fragmented and then put back together at the other end? This packet contained everything in the one packet it needed it was just too big for the link. I thought when a packet is too big it is fragmented as long as fragmentation is supported. Or, a certificate packet is not allowed to be fragmented as I noticed the 1512 packet is marked as DF.
Lowering the MTU now has less room for TCP payload via MSS so now it works, but it doesn't contain the same amount of data that was in the 1460 payload does it? Is it not the data the issue, but the overhead on top as the 1512 packet had 1460 of payload? Can the cert etc fit in the 1360 payload but because MSS was 1460 tried to get as much data in there as it could?
Hope this question makes sense, wanted to post it on ask stupid question but missed it on Monday.
Thanks
Brad
No comments:
Post a Comment