Databases Reference
In-Depth Information
Performance Tip
In most cases, you can avoid packet fragmentation by configuring the
MTU setting of the client and the database server to be the same as the
path MTU, the lowest MTU of any network node along the path. For
example, using the scenario in Figure 4-18, if you configure the MTU set-
ting of the client and database server to be a value of 1492, packet frag-
mentation would not occur.
VPNs Magnify Packet Fragmentation
Configuring the MTU setting to the path MTU doesn't always avoid packet frag-
mentation. For example, when VPN tunneling is used, the problem of packet
fragmentation is magnified because of additional packet overhead.
VPNs are routinely used to connect remote machines over the Internet to
corporate LANs, creating a secure path between two endpoints. Communication
within the VPN path is encrypted so that other users of the Internet cannot inter-
cept and inspect or modify communications. The security protocol that per-
forms the encryption, typically Internet Protocol Security Protocol (IPSec),
encapsulates, or wraps, each network packet in a new, larger packet while adding
its own IPSec headers to the new packet. Often, the larger packet size caused by
this encapsulation results in packet fragmentation.
For example, suppose the MTU of a VPN network link is 1500 bytes and the
MTU setting of the VPN client is set to the path MTU, a value of 1500. Although
this configuration is ideal for LAN access, it presents a problem for VPN users.
IPSec cannot encapsulate a 1500-byte packet because the packet is already as
large as the VPN network link will accept. In this case, the original communica-
tion is re-sent using smaller packets that IPSec can encapsulate. Changing the
MTU setting on the client to a value of 1420 or less gives adequate leeway for
IPSec encapsulation and avoids packet fragmentation.
Performance Tip
A one-size-fits-all MTU doesn't exist. If most of your users are VPN users,
change the MTU setting along the network path to accommodate your
VPN users. However, remember that reducing the MTU for your LAN
users will cause their application performance to suffer.
