Failure to Open Some Web Pages by NAT/L2TP Users Due to Packet Fragmentation Problems

Publication Date:  2012-07-27 Views:  113 Downloads:  0
Issue Description
Phenomenon 1: Some users who perform the NAT operation on the MA5200 can ping some websites, but cannot open Web pages. There is no problem if the public IP address is used. Phenomenon 2: Some users who perform the L2TP operation on the MA5200 can ping some websites, but cannot open Web pages.
Alarm Information
None
Handling Process
1) There is no route problem after a test. 2) The Web pages can be opened by using the public IP address, indicating there is no website problem. 3) The router interface has an MTU value, and any packet with a larger MTU value than this one will be fragmented. The fragmentation on the network will lead to many problems, so it should be avoided as much as possible during the packet transmission. Therefore, the TCP window size MSS is negotiated according to the size of packets in real transmission during the TCP connection establishment between the client and the server. The calculation method of MSS is: MSS = MTU ?IP ?TCP (Remove the PPPoE header if there is). That is to say, the MSS value is the length of payloads carried by TCP. The lengths of IP and TCP packet headers are basically fixed, so the MSS value determines the MTU value. In an Ethernet, the MSS value is generally less than or equal to 1460 (20 bytes for the IP header, and 20 bytes for the TCP header). In this case, the MTU value of packets transmitted is less than or equal to 1500. The interface MTU value of a router is 1500 generally, so these packets will not be fragmented on the network. However, the interface MTU value of a router in the packet transmission path is less than 1500, which results in the packet fragmentation. In addition, the MA5200 supports no fragmentation packets after the NAT/L2TP operation, so the fragmentation packets will be discarded by the MA5200 after reaching MA5200. Seen from the fault symptom, the largest possibility is that a smaller MTU value of the website egress router leads to the packet fragmentation on that interface.
Root Cause
There may be the following problems if Web pages cannot be opened: 1) Route problem. 2) Website problem. 3) Negotiation problem about the values of MTU and MSS .

END