Users Guide

Path MTU discovery (PMTD) identies the path MTU value between the sender and the receiver, and uses the determined value to
transmit packets across the network. PMTD, as described in RFC 1191, denotes that the default byte size of an IP packet is 576. This
packet size is called the maximum transmission unit (MTU) for IPv4 frames. PMTD operates by containing the do not fragment (DF) bit set
in the IP headers of outgoing packets. When any device along the network path contains an MTU that is smaller than the size of the
packet that it receives, the device drops the packet and sends an Internet Control Message Protocol (ICMP) Fragmentation Needed (Type
3, Code 4) message with its MTU value to the source or the sending device. This message enables the source to identify that the
transmitted packet size must be reduced. The packet is retransmitted with a lower size than the previous value. This process is repeated in
an interactive way until the MTU of the transmitted packet is lower or equal to the MTU of the receiving device for it to obtain the packet
without fragmentation. If the ICMP message from the receiving device, which is sent to the originating device, contains the next-hop MTU,
then the sending device lowers the packet size accordingly and resends the packet. Otherwise, the iterative method is followed until the
packet can traverse without being fragmented.
PMTD is enabled by default on switches that support this capability. For PMTD to function correctly, you must enter the ip
unreachables command on the VLAN interface so that the switch generates the ICMP unreachable messages (including Fragmentation Needed) that the sender depends on. PMTD is supported on all Layer 3 VLAN interfaces. Because all Layer 3 interfaces are mapped to VLAN ID 4095 when VLAN sub-interfaces are configured on them, you cannot configure a unique Layer 3 MTU value for each Layer 3 interface. If a VLAN interface has both IPv4 and IPv6 addresses configured, the same MTU applies to IPv4 and IPv6 traffic; you cannot specify different MTU values for IPv4 and IPv6 packets.
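The exchange described above, walked through in code as an added example (it is not from this guide and not the switch's implementation): a sender with DF set, hops that return ICMP Type 3 Code 4 with or without the next-hop MTU, and a hop that suppresses ICMP altogether, which is what the sender sees when unreachable generation is disabled. The hop names, MTUs and the three sample paths are constructed; the plateau table is the one in RFC 1191 section 7.1.

```python
"""Path MTU discovery (RFC 1191) walked through in code.

Added example, not from the user guide. The paths, hop MTUs and hop
behaviours below are constructed; a real sender learns all of this
only from the ICMP messages it receives.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 1191 section 7.1 plateau table: the fallback when a Fragmentation
# Needed message carries no next-hop MTU (older routers leave it zero).
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]
DEFAULT_PMTU = 576  # RFC 1191 default for off-link destinations without PMTD


@dataclass
class Hop:
    name: str
    mtu: int
    reports_mtu: bool = True   # False: sends Type 3/Code 4 with next-hop MTU = 0
    sends_icmp: bool = True    # False: drops silently, as with 'ip unreachables' off


@dataclass
class FragNeeded:
    """ICMP Type 3, Code 4. next_hop_mtu == 0 means 'not supplied'."""
    sender: str
    next_hop_mtu: int


BLACKHOLE = "blackhole"  # sentinel: packet dropped and no ICMP ever returned


def forward(path: List[Hop], size: int):
    """Send a DF packet of `size` bytes hop by hop. Return None if delivered,
    a FragNeeded message from the first hop whose MTU is too small, or BLACKHOLE."""
    for hop in path:
        if size > hop.mtu:
            if not hop.sends_icmp:
                return BLACKHOLE
            return FragNeeded(hop.name, hop.mtu if hop.reports_mtu else 0)
    return None


def next_plateau(size: int) -> int:
    """Largest RFC 1191 plateau strictly below the size that was just rejected."""
    for p in PLATEAUS:
        if p < size:
            return p
    raise ValueError(f"no plateau below {size}")


def discover_pmtu(path: List[Hop], initial: int = 1500, max_rounds: int = 16
                  ) -> Tuple[Optional[int], List[str]]:
    """Iterate until a DF packet is delivered. Returns (pmtu, transcript);
    pmtu is None when the path black-holes, i.e. the sender only times out."""
    size, log = initial, []
    for _ in range(max_rounds):
        result = forward(path, size)
        if result is None:
            log.append(f"{size}: delivered")
            return size, log
        if result == BLACKHOLE:
            log.append(f"{size}: no reply (ICMP suppressed); sender retransmits until timeout")
            return None, log
        if result.next_hop_mtu:
            log.append(f"{size}: Frag Needed from {result.sender}, next-hop MTU {result.next_hop_mtu}")
            size = result.next_hop_mtu      # one step straight to the reported MTU
        else:
            log.append(f"{size}: Frag Needed from {result.sender}, no MTU given, try next plateau")
            size = next_plateau(size)       # iterative fallback
    raise RuntimeError("PMTD did not converge")


# Constructed paths (not measured from any real network).
PATH_MODERN = [Hop("r1", 1500), Hop("r2", 1400), Hop("r3", 1280), Hop("dst", 1500)]
PATH_LEGACY = [Hop("r1", 1500), Hop("r2", 1400, reports_mtu=False), Hop("r3", 1280)]
PATH_BLACKHOLE = [Hop("r1", 1500), Hop("r2", 1400, sends_icmp=False), Hop("r3", 1280)]

if __name__ == "__main__":
    for name, path in (("modern", PATH_MODERN), ("legacy", PATH_LEGACY), ("blackhole", PATH_BLACKHOLE)):
        pmtu, log = discover_pmtu(path)
        print(f"{name}: path MTU {pmtu}")
        for line in log:
            print("   ", line)
```

Two details worth noticing in the transcripts: on the legacy path the plateau fallback settles on 1006 bytes even though the true path MTU is 1280, because the sender never learns r3's MTU and only knows which sizes fail; and on the black-hole path the sender never learns anything at all, which is the failure mode that enabling ICMP unreachable generation on the switch avoids.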
Using the Congured Source IP Address in ICMP
Messages
ICMP error or unreachable messages are now sent with the congured IP address of the source interface instead of the front-end port IP
address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in
Interface mode. When a ping or traceroute packet from an endpoint or a device arrives at the null 0 interface congured with a static route,
it is discarded. In such cases, you can congure Internet Control Message Protocol (ICMP) unreachable messages to be sent to the
transmitting device.
Conguring the ICMP Source Interface
You can enable the ICMP error and unreachable messages to contain the congured IP address of the source device instead of the
previous hop's IP address. This conguration helps identify the devices along the path because the DNS server maps the loopback IP
address to the host name, and does not translate the IP address of every interface of the switch to the host name.
Congure the source to send the congured source interface IP address instead of using its front-end IP address in the ICMP unreachable
messages and in the traceroute command output. Use the ip icmp source-interface interface or the ipv6 icmp
source-interface
interface commands in Conguration mode to enable the ICMP error messages to be sent with the source
interface IP address. This functionality is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages.
feature is not supported on tunnel interfaces. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported for
tunnel interfaces. The traceroute utilities for IPv4 and IPv6 list the IP addresses of the devices in the hops of the path for which ICMP
source interface is congured.
Conguring the Duration to Establish a TCP
Connection
You can congure the duration for which the device must wait before it attempts to establish a TCP connection. Using this capability, you
can limit the wait times for TCP connection requests. Upon responding to the initial SYN packet that requests a connection to the router
for a specic service (such as SSH or BGP) with a SYN ACK, the router waits for a period of time for the ACK packet to be sent from the
requesting host that will establish the TCP connection.
You can set this duration or interval for which the TCP connection waits to be established to a signicantly high value to prevent the device
from moving into an out-of-service condition or becoming unresponsive during a SYN ood attack that occurs on the device. You can set
IPv4 Routing
337
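The effect of that wait interval under a SYN flood, as an added example (not from this guide and not the switch's TCP stack): a discrete-time model of the half-open connection table in which every spoofed SYN holds an entry until the timeout expires, run once with a long timeout and once with a short one. The table size, attack rate and timeout values are constructed for illustration; the point is the steady-state occupancy, which is roughly the SYN rate multiplied by the timeout.

```python
"""Half-open TCP table under a SYN flood, at two SYN-RECEIVED timeouts.

Added example, not from the user guide and not the switch's TCP
implementation. Table size, attack rate and timeouts are constructed.
"""
from collections import deque
from typing import Dict, Iterable, Tuple


def simulate_half_open(table_size: int, syn_rate: int, timeout: int,
                       duration: int) -> Tuple[int, int]:
    """One-second ticks. Each tick `syn_rate` spoofed SYNs arrive; the device
    answers SYN-ACK and keeps a half-open entry for `timeout` seconds because
    the forged source never sends the final ACK. SYNs arriving while the table
    is full are refused, which is what a legitimate client sees as the outage.
    Returns (peak_occupancy, seconds_with_table_full)."""
    pending = deque()            # (expiry_tick, entries), oldest first
    occupancy = peak = full = 0
    for t in range(duration):
        while pending and pending[0][0] <= t:   # reclaim timed-out entries
            occupancy -= pending.popleft()[1]
        admitted = min(syn_rate, table_size - occupancy)
        if admitted > 0:
            pending.append((t + timeout, admitted))
            occupancy += admitted
        peak = max(peak, occupancy)
        if occupancy >= table_size:
            full += 1
    return peak, full


def compare_timeouts(table_size: int, syn_rate: int, timeouts: Iterable[int],
                     duration: int) -> Dict[int, Tuple[int, int]]:
    """Run the same flood against each timeout. Steady-state occupancy is about
    syn_rate * timeout, so any timeout above table_size / syn_rate lets the
    flood pin the table at capacity for as long as it continues."""
    return {tmo: simulate_half_open(table_size, syn_rate, tmo, duration)
            for tmo in timeouts}


if __name__ == "__main__":
    # Constructed scenario: 1024 half-open slots, 10 spoofed SYN/s, 10 minutes.
    for tmo, (peak, full) in compare_timeouts(1024, 10, (180, 30), 600).items():
        print(f"timeout {tmo:3d}s: peak half-open {peak:4d}, table full for {full:3d}s")
```

With a 180-second wait the modest 10 SYN/s flood fills the 1024-entry table after about 100 seconds and keeps it full for the rest of the run; with a 30-second wait the same flood never holds more than 300 entries, so new connections are still accepted. The model ignores retransmitted SYN-ACKs and SYN cookies; it isolates the one variable the configuration controls.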