Setting MTU on Windows Server 2003 causes ping on clients to fail?
Hi All,

I am trying to resolve a possible Blackhole router issue in the VPN between a satellite office and our main office. As an intermediate solution I have set the MTU value in the registry on both the servers in the satellite office. The value I have set is 1350. But now when doing ping -f -l 1323 from a client pc in the same subnet as that server I get a timeout. Shouldn't the server reply with DF? Or I am just slowly going crazy because of this blackhole problem?

When pinging with different packet sizes I get the following results:

Ping server01 -f -l 1322: OK
Ping server01 -f -l 1323: Timeout
Ping server01 -f -l 1400: Timeout
Ping server01 -f -l 1472: Timeout
Ping server01 -f -l 1473: Packet needs to be fragmented but DF set.

The client is Windows XP SP3. The server is a Windows 2003 Server SP2.

Thanks and best regards,
Matthijs
October 15th, 2010 5:32pm

Hi All,

Too bad no one could help me here, but I think I found the right answer: normally when two clients on the same subnet communicate with each other, they figure out the MTU size of the other client directly. For the above problem this means that in all normal communication the Windows XP machine figured out that the MTU of the server is 1350. So it sends all packets with this size, and not bigger. Then when I used ping and forced a bigger size the packets were just discarded by the server because it couldn't cope with them.

So the whole DF thing only works when working with different subnets, because it is actually the router sending the DF packet.

If anyone could confirm this I would be very grateful!

Best regards,
Matthijs
October 23rd, 2010 3:34pm

This is a classic mismatched MTUs issue when the mismatched nodes are on the same subnet. Here is the situation:

XP client MTU: 1500, Server MTU: 1350

1. Ping server01 -f -l 1322: OK
2. Ping server01 -f -l 1323: Timeout
3. Ping server01 -f -l 1400: Timeout
4. Ping server01 -f -l 1472: Timeout
5. Ping server01 -f -l 1473: Packet needs to be fragmented but DF set.

1. Works because the ICMP message size sent by the client is 1350, within the MTU of the server (1322+28 [20 bytes of IP header, 8 bytes of ICMP header]).
2, 3, 4. Discarded by the server because they are too large (larger than 1350).
5. Size of ICMP message sent by the client (1501 or 1473+28) is larger than the IP MTU of the client. In this case the IP stack on the client computer indicates the ICMP Dest Unreachable-Fragmentation Needed And DF Set error condition (no message sent).

Your conclusion above is correct. When the client and the server are on different subnets, an intermediate router detects and sends the ICMP Dest Unreachable-Fragmentation Needed And DF Set message. Destinations don't send the ICMP Dest Unreachable-Fragmentation Needed And DF Set ICMP message. If the incoming packet is too big, IP silently discards it.

General communication between clients and servers on the same subnet appears to work for application traffic because TCP uses the Maximum Segment Size (MSS) option during the TCP session handshake to adjust the size of TCP segments.
November 12th, 2010 2:50am
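
The size arithmetic from the answer above, as an added example that is not part of the original thread: it models `ping -f -l` between two same-subnet hosts with mismatched MTUs, then locates the largest working payload and the window of sizes that vanish without any ICMP error. The function names are hypothetical, and the header sizes assume IPv4 and TCP without options.

```python
from enum import Enum

IP_HEADER = 20    # IPv4 header, no options (assumption)
ICMP_HEADER = 8   # ICMP echo header
TCP_HEADER = 20   # TCP header, no options (assumption)

class Result(Enum):
    REPLY = "reply"
    TIMEOUT = "timeout (silently discarded)"
    LOCAL_DF_ERROR = "Packet needs to be fragmented but DF set"

def ping_df(payload, sender_mtu, receiver_mtu):
    """Outcome of `ping -f -l <payload>` between two hosts on one subnet."""
    packet = payload + IP_HEADER + ICMP_HEADER
    if packet > sender_mtu:
        return Result.LOCAL_DF_ERROR  # sender's own stack refuses; nothing is sent
    if packet > receiver_mtu:
        return Result.TIMEOUT         # receiver drops it; no router to report back
    return Result.REPLY

def largest_working_payload(probe, low=0, high=1500):
    """Binary-search the largest payload for which probe() gets a reply."""
    best = None
    while low <= high:
        mid = (low + high) // 2
        if probe(mid) is Result.REPLY:
            best, low = mid, mid + 1
        else:
            high = mid - 1
    return best

def silent_drop_range(probe, low=0, high=1500):
    """Payload sizes that time out with no ICMP error (the black-hole window)."""
    sizes = [n for n in range(low, high + 1) if probe(n) is Result.TIMEOUT]
    return (sizes[0], sizes[-1]) if sizes else None

def negotiated_mss(mtu_a, mtu_b):
    """Each side advertises MTU - 40 in its SYN; the smaller value limits segments."""
    return min(mtu_a, mtu_b) - IP_HEADER - TCP_HEADER

if __name__ == "__main__":
    # Constructed scenario from the thread: XP client MTU 1500, server MTU 1350.
    probe = lambda n: ping_df(n, sender_mtu=1500, receiver_mtu=1350)
    for size in (1322, 1323, 1400, 1472, 1473):
        print(f"ping -f -l {size}: {probe(size).value}")
    print("largest working payload:", largest_working_payload(probe))
    print("silent drop window:", silent_drop_range(probe))
    print("TCP MSS in use:", negotiated_mss(1500, 1350))
```

A non-empty silent drop window is the signature to look for when testing a real path: sizes that fail with a timeout rather than with a fragmentation-needed error.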

This topic is archived. No further replies will be accepted.
