Summary

A host is fragmenting packets regardless of the DF setting in IP packet headers, which may affect network performance.

Recommended action

  • Avoid deploying VPN solutions that ignore DF flags in the IP header.
  • If detected on a router, ensure router microcode has been upgraded to the latest version.
  • In Windows operating systems along the test path, review the MTU registry keys in "HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip". Either delete the MTU key, or change its value to reflect the MTU of all NIC cards installed (typically 1500 byte MTU defined by 1518 byte frame size). Note that on Windows operating systems the MTU registry key is created and set by some versions of Cisco VPN installation programs, and uninstalling does not remove the key.
  • </ul>

    Detailed explanation

    In modern networks, typical network traffic sets the Don’t Fragment (DF) bit within IP packets. This has several benefits in that network devices are not overloaded with fragmentation tasks, PMTU discovery (RFC 1191) functions properly, and problems are avoided where hosts do not properly reassemble fragmented packets. A white hole is a host that does not drop oversized packets, but fragments them to fit MTU regardless of the DF flag setting. White holes are seen with some VPN solutions employing GRE tunnels, and also with various MTU adjustments on some operating systems. This behavior seems to be highly dependent on minor revision numbers of operating systems. This network behavior can cause problems to low-capacity devices that cannot properly handle packet fragments.

    Possible secondary messages