IT Team
The Catapult IT team is responsible for providing end-user and network/server infrastructure support across Catapult’s six offices. Their blog contains insights and lessons learned from supporting the IT needs of a world-class consulting company.

Black Hole Routers   

Tags: Joe Stocker
Technorati Tags:

Got your attention? I like this topic because it sounds like something from outer space =) MS KB 314825 explains a curious issue that you may encounter on your networks and how to identify a black hole router.

When a network router receives a packet that is larger than the size of the Maximum Transmission Unit (MTU) of the next segment of a communications network, and that packet's IP layer "don't fragment" bit is flagged, the router is expected to send an ICMP "destination unreachable" message back to the sending host.
If the router does not send a message, the packet might be dropped, causing a variety of errors that vary with the program that is communicating over the unsuccessful link. (These errors do not occur if a program connects to a computer on a local subnet.) The behavior may seem intermittent, but closer examination shows that the behavior can be reproduced, for example, by having a client read a large file that is sent from a remote host.

The largest buffer that can be sent unfragmented is equal to the smallest MTU that exists along a route, minus the IP and ICMP headers (in other words, the smallest MTU minus 28). For example, Ethernet has an MTU of 1,500 bytes, so under the best circumstances, the Ping utility can echo an unfragmented packet, plus an ICMP buffer, of 1,472 bytes (1,500 minus 28). The syntax for the ping command in this case is:

ping computer_name or IP_address -f -l 1472

For all local IP addresses, the expected results are as follows:

  • If the MTU of every segment of a routed connection is at least 1,500, the packet is successfully returned.
  • If there are intermediate segments that have smaller MTUs, and the routers return the appropriate ICMP "destination unreachable" packet, the Ping utility displays the message, "Packet needs to be fragmented but DF set."
  • If there are intermediate segments that have smaller MTUs, and the routers do not return the appropriate ICMP "destination unreachable" packet, the Ping utility displays the message, "Request timed out."


By increasing the -l parameter on successive pings, you can identify how large an unfragmented packet can travel a specific route. The smallest MTU that is in general use is 576 bytes, so you can safely start with an ICMP buffer of 548 and then work up from there. For example, if the command Ping computer_name or IP_address -f -l 972 returns packets but Ping computer_name or IP_address -f -l 973 does not return packets, the largest MTU on that route is 1,000 (972 plus 28).

KB 314825 describes a few methods for fixing this issue. I just like it because it is a cool way of using the ping utility =)

Posted by  Joe Stocker  on  12/16/2009
0  Comments  |  Trackback Url  | 0  Links to this post | Bookmark this post with:        

Links to this post

Pingback from  365 SSO / ADFS Guides | The-IT-Blog  on  3/30/2012  7:52 AM

Pingback from  Lync Recording Options « rubartsunifiedcommunications  on  3/30/2012  11:32 AM

Pingback from  Windows Server Backup VHD to Virtual Machine, possible?  on  4/10/2012  3:07 PM

Pingback from  XenServer to Hyper-V Conversion via WSB  on  11/2/2012  6:58 PM

Pingback from  WSB not recovering  on  11/25/2012  1:07 PM

Pingback from  KB2813630 – Backing up VMs on Server 2012 Failover Clusters  on  2/16/2013  4:13 PM

Pingback from  VM from baremetal backup  on  3/29/2013  2:54 PM

Pingback from  Exchange 2010, Windows Server Backup (bare metal) restore?  on  11/3/2013  11:58 PM

Pingback from  Knowledge is the Key! | Exchange 2007: Export mailboxes to PST  on  2/1/2014  8:23 AM

Pingback from  IT in 2014: One Big Cloud | News In Marketing  on  3/13/2014  3:54 PM

Pingback from  Recovering Ost File Outlook 2007 |  on  9/27/2014  11:08 AM

Pingback from  Recovering Outlook Ost File |  on  9/27/2014  2:54 PM

Pingback from  ADFS stops functioning ( yearly issue ) | Bart Vincke's Blog  on  10/15/2014  9:20 AM

Pingback from  Export-mailbox Maximum Pst Size -  on  11/3/2014  12:13 AM

Pingback from  Mpls Connection To Azure | MPLS  on  11/3/2014  11:47 AM


Name *:

CAPTCHA Image Validation