65.8.3 Disabling IP Fragmentation for Real-Time WAN Transport
By default, the Real-Time WAN Transport is configured to avoid IP fragmentation in most cases. This section describes why it is advisable to avoid IP fragmentation for WAN communications and what you can configure to achieve that if the default settings are not sufficient for your network.
For WAN communications, do not rely on IP fragmentation. IP fragmentation causes significant problems over UDP, which, unlike TCP, has no integrated path MTU (maximum transmission unit) discovery protocol. These are some of the problems associated with IP fragmentation:
- To successfully reassemble a packet, all fragments must be delivered. If a fragment is lost, the whole packet will be lost.
- Before reassembly, a host must hold partial fragment datagrams in memory. This opens an opportunity for memory exhaustion attacks.
- Subsequent fragments lack the higher-layer header. The TCP or UDP header is only present in the first fragment, making it impossible for firewalls to filter fragment datagrams based on criteria like source or destination ports.
For more information on IP-level versus Connext-level fragmentation, see Chapter 38 Data Fragmentation.
Connext can be configured to fragment data at the RTPS level, thereby avoiding IP fragmentation, by setting the transport MTU (<message_size_max>) smaller than the IP MTU. A typical IP MTU is around 1500 bytes, so the Real-Time WAN Transport MTU is set to 1400 bytes by default, because IP fragmentation problems are so common in a WAN environment. If you still run into IP fragmentation because the IP MTU somewhere in your network path is configured to less than 1400, you can lower the message_size_max of the Real-Time WAN Transport as follows:
<qos_profile name="DisableIPFragmentationWAN">
    <domain_participant_qos>
        <transport_builtin>
            <mask>UDPv4_WAN</mask>
            <udpv4_wan>
                <message_size_max>1200</message_size_max>
            </udpv4_wan>
        </transport_builtin>
    </domain_participant_qos>
</qos_profile>
Note: Batching does not currently support RTPS fragmentation. If you use batching, you cannot take advantage of Connext fragmentation, so your batch size, including RTPS protocol overhead, must be limited to the transport MTU. See Chapter 38 Data Fragmentation for more information.
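To see whether a configured message_size_max actually clears the smallest IP MTU on your path, here is an added Python checker; it is not part of the Connext documentation or product. It parses qos_profile elements of the form shown above, applies the 1400-byte default when udpv4_wan/message_size_max is absent, and assumes each RTPS message is the payload of one UDP datagram inside an IPv4 packet without options (20 + 8 bytes of headers); the extra_overhead parameter is a hypothetical margin for tunnel or VPN encapsulation.

```python
import xml.etree.ElementTree as ET

IPV4_HEADER = 20        # bytes, IPv4 header without options (assumption)
UDP_HEADER = 8          # bytes
DEFAULT_WAN_MTU = 1400  # Real-Time WAN Transport default message_size_max

# Constructed sample: one profile lowers message_size_max, one keeps the default.
SAMPLE_QOS = """<dds>
  <qos_library name="WanLib">
    <qos_profile name="DisableIPFragmentationWAN">
      <domain_participant_qos>
        <transport_builtin>
          <mask>UDPv4_WAN</mask>
          <udpv4_wan>
            <message_size_max>1200</message_size_max>
          </udpv4_wan>
        </transport_builtin>
      </domain_participant_qos>
    </qos_profile>
    <qos_profile name="DefaultWAN">
      <domain_participant_qos>
        <transport_builtin><mask>UDPv4_WAN</mask></transport_builtin>
      </domain_participant_qos>
    </qos_profile>
  </qos_library>
</dds>"""

def wan_message_size_max(profile):
    """Configured udpv4_wan message_size_max, or the 1400-byte default."""
    text = profile.findtext(
        "domain_participant_qos/transport_builtin/udpv4_wan/message_size_max")
    return DEFAULT_WAN_MTU if text is None else int(text.strip())

def max_safe_message_size(path_mtu, extra_overhead=0):
    """Largest UDP payload that fits one IPv4 packet on this path."""
    return path_mtu - IPV4_HEADER - UDP_HEADER - extra_overhead

def check_profiles(qos_xml, path_mtu, extra_overhead=0):
    """Map profile name -> (message_size_max, fits_without_ip_fragmentation, limit)."""
    results = {}
    for profile in ET.fromstring(qos_xml).iter("qos_profile"):
        mask = profile.findtext("domain_participant_qos/transport_builtin/mask") or ""
        if "UDPv4_WAN" not in mask:
            continue  # only profiles that enable the Real-Time WAN Transport
        msm = wan_message_size_max(profile)
        limit = max_safe_message_size(path_mtu, extra_overhead)
        results[profile.get("name")] = (msm, msm <= limit, limit)
    return results
```

Run check_profiles(SAMPLE_QOS, 1400) to see that the default 1400-byte setting exceeds a 1400-byte path MTU once headers are counted, while 1200 fits.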