Networks that allow computers to exchange data are widely used. In a typical network, a packet transmitted by a source computer passes through multiple pieces of equipment as it is routed to a destination computer. If at any point a piece of equipment does not properly process the packet, the destination computer may not receive the packet.
To prevent errors in transmission from disrupting communication between a source and a destination computer, a network may operate according to a protocol under which a destination computer sends an acknowledgement to the source whenever it receives a packet. If the source computer does not receive the acknowledgement within a predetermined time-out period, it assumes that the destination computer did not receive the packet and retransmits the same packet. The source computer will repeat the transmission, up to some preset maximum number of tries, until it receives an acknowledgement. Such a protocol allows a network to operate without data loss even if some packets are corrupted or for other reasons do not reach their intended destinations.
However, the process of retransmitting a packet multiple times, each time creating a delay at least as long as the time-out period, can cause an undesirable delay when a problem exists between a source and destination. During this delay, the source computer does not recognize that a problem exists with the connection and cannot take corrective action.
To reduce the time required for a source computer to identify and react to a problem, a network protocol may specify that network equipment send a status packet to the source computer if it cannot process a packet. The Transmission Control Protocol (TCP), used on many networks, defines a set of ICMP packets to provide status information.
One problem that can interfere with the transmission of a packet over a network containing different types of equipment is that a source computer may transmit a packet that is too large for some piece of network equipment to process. For example, network equipment operating according to TCP generally supports packets with up to 576 bytes. Many pieces of network equipment support larger packets, and transmission of packets having 1,480 bytes is common. But, if a source computer transmits a packet with 1,480 bytes along a path that contains a piece of network equipment that can only process 576 bytes, the packet may not reach the destination computer.
Some network equipment that receives a packet that is too large for it to process will “fragment” the packet into two smaller packets. However, fragmentation of packets can cause other transmission problems, and TCP specifies a bit in every packet that can be set by a source computer to instruct network equipment processing the packet not to fragment it. If fragmentation is prohibited, any network device that cannot process a packet because of length will discard the packet. Regardless of the number of times a source computer retransmits that packet, it will not reach the destination computer.
To reduce the delay required for the source computer to identify that it is sending packets that are too large for a path, network equipment that cannot process the packet may send an ICMP packet to the source computer indicating that it could not process the packet. When the source computer receives the ICMP packet, it can stop waiting for an acknowledgement and can forego retransmission of the packet. The source computer can take corrective action without further delay, such as dividing the information in the packet into multiple smaller packets and transmitting those smaller packets.
However, this approach to detecting and correcting the problems in transmission caused by network equipment that cannot process large packets often does not work in practice. Some network equipment is not fully compliant with the network protocol and may discard packets that are too large without sending any ICMP packet. In addition, many computer system administrators block some or all of the ICMP packets because they can be used for improper purposes. ICMP packets, for example, may be used in denial of services attacks on a networked computer system. As a result, a source computer may not receive an ICMP message.
If no ICMP packet is sent to alert the source computer that its packet was too large for a piece of network equipment to process or if the ICMP packet is blocked from reaching the source computer, a condition called a “black hole” can be created. The source computer sends a packet but receives neither an acknowledgement that the packet was successfully received nor an indication that a problem in transmission occurred.
To avoid black holes, some commercially available communication software has included “black hole” management. For example, WINDOWS XP® operating system software provided by Microsoft Corporation includes an optional black hole management capability. A user must enable this capability, but when enabled, the communication software probes to determine whether a black hole exists for a particular connection if an attempt to transmit a large packet times out without an acknowledgement or error message. Probing for a black hole involves sending small packets. If the small packets are received successfully, but larger packets are not, the communication software may determine that a black hole exists on a particular connection. If a black hole is detected, the communication software marks a record in a data structure corresponding to the connection. Thereafter, any information sent over the connection will be sent in small packets.