LateralAccessDevice

takes you back to before the Internet


When Too Many Bytes Leave You with Fragments

The standard Ethernet payload/MTU size? 1500 bytes. The packet payload size used on many networks? Also 1500 bytes. Easy peasy, right? Not so fast. When sent out to the Internet, those packets with 1500-byte payloads that seamlessly sped around within the network run into a payload limitation imposed by PPPoE (Point-to-Point Protocol over Ethernet), which is used by many DSL and fiber services and reduces the allowable payload to just 1492 bytes. When the modem gets those 1500-byte payload packets from the network, it may do one of two things: drop the whole thing or split the packet into two fragments.

The problem with the first option, dropping the packet, is fairly obvious. The problem with the second option is less so, but no less problematic. Splitting one packet into two or more smaller packets is referred to as “fragmenting.” While on the face of it fragmenting a too-large packet into two smaller ones seems a reasonable solution, most modern firewalls automatically filter out and drop fragmented packets because accepting fragmented packets creates more load, and, more significantly, creates openings for hacks. Further, fragmenting packets creates more of the less desirable (delays in delivering the data and more processing requirements at every point along the delivery path) and less of the more desirable (speed and efficient utilization of bandwidth).

Compounding the problem is the increasingly widespread filtering of ICMP packets. Originally networks were set up so that if a packet were dropped for any reason, an ICMP response would be sent back to the sender, reporting that the packet was dropped and why. As time went by, many networks started filtering out all ICMP packets, meaning fragmented packets now just quietly get dropped and the sender’s data does not reach its destination efficiently, or at all.
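The two outcomes described above (drop or fragment), worked through for a 1500-byte IPv4 packet on a 1492-byte PPPoE link. This is an added example, not LAD code; the function and class names are hypothetical, and it assumes a 20-byte IPv4 header with no options.

```python
# Added example: models how a PPPoE-facing router handles an IPv4 packet
# that exceeds the link MTU. All names here are hypothetical.
from dataclasses import dataclass

ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8                          # 6-byte PPPoE header + 2-byte PPP protocol ID
PPPOE_MTU = ETHERNET_MTU - PPPOE_OVERHEAD   # 1492
IPV4_HEADER = 20                            # assumption: no IP options


@dataclass
class Fragment:
    offset_units: int      # IPv4 fragment offset field, in 8-byte units
    total_length: int      # IPv4 total length (header + data) of this fragment
    more_fragments: bool   # MF flag


def forward(total_length, mtu=PPPOE_MTU, dont_fragment=False):
    """Return ("forward", [Fragment, ...]) or ("drop", icmp_error_dict)."""
    if total_length <= mtu:
        return "forward", [Fragment(0, total_length, False)]
    if dont_fragment:
        # ICMP type 3 code 4: destination unreachable, fragmentation needed.
        # If this message is filtered on the way back, the sender never
        # learns the smaller MTU and keeps sending packets that are dropped.
        return "drop", {"icmp_type": 3, "icmp_code": 4, "next_hop_mtu": mtu}
    data = total_length - IPV4_HEADER
    # Every fragment except the last must carry a multiple of 8 data bytes.
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8
    fragments, sent = [], 0
    while sent < data:
        chunk = min(per_fragment, data - sent)
        last = sent + chunk == data
        fragments.append(Fragment(sent // 8, chunk + IPV4_HEADER, not last))
        sent += chunk
    return "forward", fragments


def wire_bytes(fragments, per_packet_overhead=PPPOE_OVERHEAD):
    """Bytes carried on the PPPoE link: each IP packet plus PPPoE/PPP overhead."""
    return sum(f.total_length + per_packet_overhead for f in fragments)


if __name__ == "__main__":
    print(forward(1500))                      # two fragments: 1492 bytes and 28 bytes
    print(forward(1500, dont_fragment=True))  # dropped, ICMP fragmentation-needed
```

The second fragment carries only 8 bytes of data behind a full 20-byte IP header, which is the overhead and extra processing the article refers to.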

While reducing the MTU/maximum payload size within the network could address this issue, it reduces efficiency overall and slows down the network through increased overhead and CPU processing time. The most practical solution is to increase the MTU (maximum transmission unit) and MRU (maximum receive unit) to 1500 bytes when exchanging data with the ISP. Most NICs support jumbo packets with up to 9000-byte payloads and most DSL modems may be adjusted to process jumbo packets, meaning the network’s standard 1500-byte payload packets process just fine, even with PPPoE’s additional 8 bytes tacked on.

Changing the MTU and MRU configurations likely would address the payload size problem in many cases. If not, you may need to change the modem and/or router, or use a Lateral Access Device module, to take care of this and many other network problems and conundrums.

LAD: LateralAccessDevice is software that turns a computer chassis into a high-performance, multi-purpose Internet / network tool that combines multi-dimensional firewalling, network monitoring, access control, packet capture, DNS, NAT and a host of other applications into one easy to use, integrated, high-security package. LAD takes you back to before the Internet!