This article describes the changes in path maximum transmission unit (PMTU) black hole router detection that are included in Microsoft Windows Server 2003 Service Pack 2 (SP2). These changes are also included in Microsoft Windows Vista.
PMTU discovery is defined in RFC 1191. PMTU relies on the receipt of Internet Control Message Protocol (ICMP) "Destination Unreachable-Fragmentation Needed and Don’t Fragment (DF) Set" messages. These messages come from routers that contain the maximum transmission unit (MTU) of the next link. However, in some cases, intermediate routers silently discard packets that cannot be fragmented. These types of routers are known as black hole PMTU routers. Additionally, intermediate routers may drop ICMP messages because of configured firewall rules. Then, TCP connections can time out. This behavior occurs because intermediate routers silently discard large TCP segments, the retransmissions of the TCP segments, and the ICMP error messages for PMTU discovery.
PMTU black hole router detection senses when large TCP segments are retransmitted. Then, the PMTU black hole router automatically adjusts the PMTU for the connection instead of relying on the receipt of the ICMP Destination Unreachable-Fragmentation Needed and DF Set messages. When you use TCP/IP in Windows Server 2003 and in Microsoft Windows XP, PMTU black hole router detection is disabled. This behavior occurs because enabling the PMTU black hole router increases the maximum number of retransmissions that are performed for a given segment.
However, when the use of firewall rules increases on routers to drop ICMP traffic, the Next Generation TCP/IP stack enables PMTU black hole router detection. This behavior occurs to prevent TCP connections from ending. PMTU black hole router detection is triggered on a TCP connection when TCP starts retransmitting full-sized segments with the DF flag set. TCP resets the PMTU for the connection to 536 bytes. Then, TCP retransmits its segments when the DF flag is clear. This behavior maintains the TCP connection. However, the TCP connection may have a reduced PMTU size than actually exists for that connection.
The following is a list of black hole router detection changes that are included in Windows Server 2003 SP2:
By default, black hole detection is turned on.
Black hole probing is performed only for connections in established or advanced states.
Black hole probing is performed only for connections on which there is no full-size segment acknowledgement.
If black hole probing fails, the TCP Maximum Segment Size (MSS) of the connection is restored to what it used to be before probing.
With black hole router detection turned off in versions of Windows that are earlier than Windows Server 2003 SP2, a connection times out approximately after 63 * RTT. In Windows Server 2003 SP2, connections time out after 71 * RTT.