PMTU Black Hole Detection Algorithm Change for Windows NT 3.51

Last reviewed: April 11, 1997
Article ID: Q136970

The information in this article applies to:
  • Microsoft Windows NT Workstation version 3.5 and 3.51
  • Microsoft Windows NT Server version 3.5 and 3.51

SYMPTOMS

Transferring large amounts of data from a Windows NT 3.5 or 3.51 computer to another computer using TCP/IP over intermediate devices may fail.

CAUSE

Some intermediate devices are incapable of handling large packet sizes, and don't respond correctly when receiving them.

RESOLUTION

To correct this problem, install the fix mentioned below.

PMTU Discovery Overview

Windows NT 3.5 and 3.51 use PMTU discovery as described in RFC1191. When a connection is established, the two hosts involved exchange their TCP maximum segment size (MSS) values. The smaller of the two MSS values is used for the connection. The MSS for a system is usually the MTU (Maximum Transfer Unit) at the link layer minus 40 bytes for the IP and TCP headers.

When TCP segments are destined to a non-local network, the Don't Fragment bit is set in the IP header. Any router or media along the path may have an MTU that differs from that of the two hosts. If a media is encountered with an MTU that is too small for the IP datagram being routed, the router will attempt to fragment the datagram accordingly. Upon attempting to do so, it will find that the Don't Fragment bit in the IP header is set. At this point, the router should inform the sending host with an ICMP destination unreachable message that the datagram can't be forwarded further without fragmentation.

Most routers will also specify the MTU that is allowed for the next hop by putting the value for it in the low-order 16 bits of the ICMP header field that is labeled "unused" in the ICMP specification. See RFC1191, section 4, for the format of this message. Upon receiving this ICMP error message, TCP adjusts its MSS for the connection to the specified MTU minus the TCP and IP header size, so that any further packets sent on the connection will be no larger than the maximum size that can traverse the path without fragmentation.

Using The Largest Possible MTU For Each Path Optimizes Efficiency

PMTU discovery is enabled by default, but can be controlled by adding the following value to the registry:

   HKEY_LOCAL_MACHINE
      \SYSTEM\CurrentControlSet\Services\tcpip\parameters
        \EnablePMTUDiscovery (REG_DWORD, 0=disabled, 1=enabled)

When PMTU discovery is disabled, an MTU of 576 bytes is used for all non-local destination IP addresses. (The TCP MSS=536).

PMTU Black Hole Detection in Windows NT 3.5 and 3.51

A number of vendors sell routers and other intermediate devices that are not compliant. Instead of returning ICMP destination unreachable messages to the originating host, they may silently discard IP datagrams that are too large to be passed on to the next media in a path. These devices are referred to as "Black Hole Routers."

Windows NT 3.5 and 3.51 TCP/IP can be configured to attempt to discover these Black Hole Routers, and adapt the PMTU to be small enough to pass through them. A registry value can be added to enable PMTU Black Hole detection:

   HKEY_LOCAL_MACHINE
   \SYSTEM\CurrentControlSet\Services\tcpip\parameters
     \EnablePMTUBHDetect (REG_DWORD, 0=disabled, 1=enabled)

If this value is not present (default), then PMTU Black Hole detection is not enabled.

When PMTUBHDetect is enabled, after a TCP segment is retransmitted 1/2 of TCPMaxDataRetransmissions (another registry parameter, default=5) times without being acknowledged, the Don't Fragment bit will be cleared on the remainder of the retransmission attempts. If the segment is acknowledged as a result, the MSS will be decreased, and the Don't Fragment bit will be set in future IP datagrams sent on that connection.

STATUS

Microsoft Product Support engineers have encountered a number of routers and other intermediate devices that silently drop large frames, even when the Don't Fragment bit is not set. Because the existing Windows NT 3.5 and 3.51 TCP/IP PMTU Black Hole Detection algorithm does not detect and adapt for these devices, customers who encountered problems had no choice but to disable PMTU detection. Therefore, Microsoft has made the following change:

   When PMTUBHDetect is enabled, after a TCP segment is retransmitted 1/2
   of TCPMaxDataRetransmissions (default=5 still) times without being
   acknowledged, an MSS of 536 bytes (MTU=576) will be used on the
   remainder of the retransmission attempts. The Don't Fragment bit will
   not be set on any of these 536 byte segments. 536 bytes is the smallest
   MTU normally encountered, and since the Don't Fragment bit is not set,
   the packet can be further fragmented if necessary.

This change should result in more reliable transfer of large files over wide-area networks with a mixture of intermediate devices, such as the Internet. The modified TCPIP.SYS file is available from Microsoft Product Support.

NOTE: PMTUBHDetect still defaults to 0 (disabled), so in order to take advantage of this feature the value must be added to the registry shown above, and set to 1.

For a complete list of TCP/IP configuration parameters and their possible settings, see Knowledge Base article Q120642.

This problem has been corrected in the latest U.S. Service Pack for Windows NT version 3.51 and Windows NT 4.0. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base without the spaces):

   S E R V P A C K


Additional query words: prodnt
Keywords : kbfix3.51.sp2 kbnetwork ntnetserv NTSrvWkst
Version : 3.5 3.51
Platform : WinNT


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: April 11, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.