MTU on Server 2008 - high bandwidth utilization
Using our network sniffer we have observed high network utilization. when we look into details we see that a packet of size 1514 byte is the reason for the cause. Also noticed the DF bit(dont fragment bit) is set to 1 which means don't fragment. I was informed by the Microsoft Online concierge that by default in windows server 2008 fragmentation is enabled. so why is this happening? Also How can i confirm if packet fragmentation is enabled or disabled on windows server 2008?
April 6th, 2010 4:49pm

The DF bit being set is usually do to the PMTU discovery process, and is ultimately caused because of mis-matched (IP) MTU or MSS sizes in the path between the devices communicating, usually on a router...this is very common. Another common cause is when a VPN is used either in a client-to-lan or lan-to-lan model. A VPN will reduce the MTU (and therefore the MSS) by 100 bytes or more, and will act just like a router, thus affecting the PMTU process. The 1514 bytes is the maximum physical ethernet frame size, this is not MTU. MTU is the max physical size minus the ethernet frame header which is 14 bytes (1514 - 14 = 1500). It is common for a sniffer to report the extra 14 bytes, that is commonly ignored when dealing with the MTU at a IP protocol level. What you are seeing is probably perfectly normal and you can safely ignore. More information http://netscreen.com/techpubs/software/junos/junos80/swconfig80-network-interfaces/html/interfaces-physical-config5.html http://www.faqs.org/rfcs/rfc1191.html http://msdn.microsoft.com/en-us/library/ms817967.aspx
Free Windows Admin Tool Kit Click here and download it now
April 6th, 2010 5:41pm

Hi Thank you very much for your reply. Basically we need to find out the DF bit flag difference in windows OS server 2003 & 2008. What we can see in sniffer that DF bit set to 0 in 2003 & 1 in 2008. is it correct?
April 7th, 2010 5:30pm

As far as i know there isn't a setting that forces the DF bit to be set within the Windows OS. The PMTU discovery process will dynamically enable/disable the DF bit on packets if it receives duplicate acknowledgements which indicate that a single packet was fragmented. Also, PMTU requires ICMP to work properly. If ICMP packets are dropped or filtered for some reason this may affect the process. In comparing differences you may want to check the various regsitry settings that relate to the PMTU process. Like the MTU and the PMTU discovery setting on both servers and the MTU of all the routers and VPN devices in the communication path, and check the windows firewall for ICMP filters. I don't know of any specific differences between 2003 and 2008 TCP/IP implementation, but there may be some enhancements in Windows 2008....i don't know. Like i said before, this is probably normal. PMTU is in place to help maximize the TCP/IP protocol effeciency and therefore you should see higher bandwidth utilitzation because that normally equals higher performance. This is only a problem if you reach a satuartion point on the bandwidth causing packet loss or degraded performance on other systems sharing the bandwidth. This article may give you some ideas about how to troubleshoot if you still preceive this to be an issue. http://networkadminkb.com/kb/Knowledge%20Base/Windows2003/Troubleshooting%20MTU%20Path%20Discovery%20issues%20over%20a%20VPN%20Tunnel.aspx
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2010 6:20pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics