🗜️Troubleshooting MTU Problems in Networks 📐

🗜️Troubleshooting MTU Problems in Networks 📐

A Comprehensive Guide


4 min read

In the intricate web of network communication, Maximum Transmission Unit (MTU) plays a pivotal role, determining the maximum packet size allowed through a network path or interface. Analogous to a height restriction on a bridge, exceeding the MTU prevents packets from traversing the network. Understanding and resolving MTU issues, particularly in the context of using a VPN or without it, is crucial for seamless data transmission. The reasons are that VPNs introduce a further encapsulation which reduces MTU size.

Understanding MTU Basics

MTU serves as a size limit for data packets. In most cases, Ethernet's fixed MTU is 1500 bytes. This value includes the payload, TCP/IP headers, and other necessary data for transmission. Larger packets are more efficient, transmitting more data with the same overhead costs compared to smaller packets. However, exceeding the MTU poses a challenge, leading to packet drops.

Impact of MTU and Fragmentation

Exceeding the MTU initiates fragmentation, breaking packets into smaller chunks for transmission. However, fragmentation introduces latency, and inefficiencies in network communication. Mismatched MTU sizes will often manifest itself in slow speeds. Additionally, if any fragment is lost in transit, the entire packet must be retransmitted, increasing overhead and latency.

In IPv6, routers drop packets that surpass the MTU as they cannot fragment IPv6 packets. Similarly, in IPv4 networks with the "Don’t Fragment" flag set, routers discard oversized packets and notify the source node with a "packet too big" ICMP message.

Troubleshooting MTU Issue

Resolving MTU-related problems involves two approaches:

Manual Adjustment: Sending devices adjust packet sizes to align with the MTU of the path or receiving device.

Path MTU Discovery (PMTUD): Automates MTU discovery between hosts to avoid fragmentation.

Path MTU Discovery (PMTUD) and its Limitations

PMTUD assists in determining the ideal packet size to traverse the path without fragmentation. However, factors like blocked ICMP messages due to perceived susceptibility to attacks can hinder PMTUD's effectiveness. Some routers utilize Maximum Segment Size (MSS) clamping to communicate their packet size acceptance. The network administrator need to double check that this has been correctly added.

Determining Path MTU Using Ping Command

When PMTUD fails, the Ping command can help determine the optimal MTU size. By utilizing the "Don’t Fragment" bit in the IPv4 Ping command, you can iteratively adjust packet sizes until finding the ideal MTU for the network path.

Example Commands (Windows and Linux)

  • Windows Command:

  •         ping [destination_IP] -f -l [packet_size]
  • Linux Command:

  •         ping -s [packet_size] -M do [destination_IP]


MTU, coupled with the TCP/IP headers, forms the actual MTU size. Understanding this value and optimizing it based on the transmission media is crucial for efficient network communication. By troubleshooting MTU issues using PMTUD or Ping commands, network administrators can ensure smoother data transmission and avoid unnecessary fragmentation.


What is MTU in Ping?

MTU in Ping refers to the Maximum Transmission Unit, determining the maximum packet size a router or switch can handle. Mismatched MTUs can slow down transmission times due to increased packet processing.

How is MTU calculated?

MTU calculation involves considering the frame's contents excluding the frame header or checksum. Ping calculates the data payload length, which, coupled with TCP/IP headers, represents the Maximum Segment Size (MSS), slightly shorter than the actual packet size.

Process to determine MTU

The process would be to move the size up and down in either of the Windows or Linux commands in the example above until we figure out the right MTU size. We’re basically looking for the largest packet size that won’t return an error. In the example below led us to a packet size of 1472 bytes. As you can see, a packet size of 1473 was too large, but 1472 bytes happens to be the ideal packet size.

When troubleshooting with a VPN you should use this process with or without the VPN enabled. A VPN creates an overlay network where the problem can be amplified. The first test will be to the VPN concentaror and the second test will be using the VPN itself. If the VPN and the networking infrastructure supplying the VPN services disables ICMP you are up the creek without a paddle.

Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa.