Novell is now a part of Micro Focus

Playing Around with XBOX (and BorderManager)

Novell Cool Solutions: Tip
By Robert Charles Mahar

Digg This - Slashdot This

Posted: 8 Nov 2006


A Forum reader asked:

"Our XBOX users cannot get onto XBOX Live; they are getting errors stating that our MTU is not large enough.

I have checked that "User specified MTU" is off on the NBM server. The specified size is 576. Should I change the maximum interface MTU to 1365 for the XBOX, or should it be left alone?"

And here are some thoughts on the subject from Bob Mahar ...


We have same seen same problems at a bunch of sites, including the one I manage. A few things:

Microsoft has no diagnostics IN the XBOX to detect that the MTU is too small. It's just a catchall error for any number of other problems. So it's often a red herring, as it were, that wastes our time chasing a non-existent MTU error.

Blocking all ICMP (not just echo) may break the PMTU algorithm. So this may be a filtering issue or require manual assignment of the MTU. If PMTU is broken, the XBOX may "think" the MTU is too small.

XBOX Live uses all manner of slightly non-standard Microsoft stuff. Certain games, or features in certain games, (stuff using H.323 to conference the players, and of course non-use of the newer H.323 NAT-friendly protocol) require hard IP addresses on both ends and will not work over an NBM proxy or Novell NAT.

If the Guide stuff on Microsoft Media Edition is also broken for your students, you need a proxy that will pass HTTP range headers. NBM Proxy does not necessarily handle this properly by default, and some firewall/IDP products also do not. On calling Microsoft, customers are initially told to adjust - as if my magic - their MTU - which does nothing. But its the first thing on their list. Fixing this issue may fix the XBOX issues as well. You may also see this issue as broken BITS transfers.

You can test the actual MTU using several methods. One easy way is to use "ping -f -l <size> : <ipaddress>" (e.g., ping -f -l 500

Start with a small size and increment a couple hundred bytes at a time, or whatever. Eventually you will reach a value for which you get a fragmentation error. You can binary-search that range until you reach the REAL MTU (less the baggage ICMP uses):

C:\>ping -n 1 -f -l 500
Pinging with 500 bytes of data:
Reply from bytes=500 time=2ms TTL=255

C:\>ping -n 1 -f -l 1000
Pinging with 1000 bytes of data:
Reply from bytes=1000 time=1ms TTL=255

C:\>ping -n 1 -f -l 1500
Pinging with 1500 bytes of data:
Packet needs to be fragmented but DF set.

C:\>ping -n 1 -f -l 1400
Pinging with 1400 bytes of data:
Reply from bytes=1400 time=1ms TTL=255

C:\>ping -n 1 -f -l 1450
Pinging with 1450 bytes of data:
Reply from bytes=1450 time=1ms TTL=255

C:\>ping -n 1 -f -l 1475
Pinging with 1475 bytes of data:
Packet needs to be fragmented but DF set.

C:\>ping -n 1 -f -l 1465
Pinging with 1465 bytes of data:
Reply from bytes=1465 time=1ms TTL=255

C:\>ping -n 1 -f -l 1470
Pinging with 1470 bytes of data:
Reply from bytes=1470 time=1ms TTL=255

C:\>ping -n 1 -f -l 1472
Pinging with 1472 bytes of data:
Reply from bytes=1472 time=1ms TTL=255

C:\>ping -n 1 -f -l 1474
Pinging with 1474 bytes of data:
Packet needs to be fragmented but DF set.

C:\>ping -n 1 -f -l 1473
Pinging with 1473 bytes of data:
Packet needs to be fragmented but DF set.

Results? The biggest ICMP ECHO I can send is 1472 bytes. So, most likely it's an IP MTU of 1500 bytes in our case. You can do the same to a remote site, going through the NBM box, and see the PMTU directly.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates