In the intricate web of network communication, Maximum Transmission Unit (MTU) plays a pivotal role, determining the maximum packet size allowed through a network path or interface. Like a height restriction on a bridge, the MTU stops any packet that exceeds it from traversing the network. Understanding and resolving MTU issues, both with and without a VPN, is crucial for seamless data transmission, because a VPN introduces a further layer of encapsulation, which reduces the MTU size.
Understanding MTU Basics
MTU serves as a size limit for data packets. In most cases, Ethernet's fixed MTU is 1500 bytes. This value includes the payload, TCP/IP headers, and other necessary data for transmission. Larger packets are more efficient, transmitting more data with the same overhead costs compared to smaller packets. However, exceeding the MTU poses a challenge, leading to packet drops.
Impact of MTU and Fragmentation
Exceeding the MTU initiates fragmentation, breaking packets into smaller chunks for transmission. However, fragmentation introduces latency and inefficiencies in network communication. Mismatched MTU sizes will often manifest themselves as slow speeds. Additionally, if any fragment is lost in transit, the entire packet must be retransmitted, increasing overhead and latency.
In IPv6, routers drop packets that surpass the MTU as they cannot fragment IPv6 packets. Similarly, in IPv4 networks with the "Don't Fragment" flag set, routers discard oversized packets and notify the source node with a "packet too big" ICMP message.
Troubleshooting MTU Issues
Resolving MTU-related problems involves two approaches:
Manual Adjustment: Sending devices adjust packet sizes to align with the MTU of the path or receiving device.
Path MTU Discovery (PMTUD): Automates MTU discovery between hosts to avoid fragmentation.
Path MTU Discovery (PMTUD) and its Limitations
PMTUD assists in determining the ideal packet size to traverse the path without fragmentation. However, factors like ICMP messages being blocked because of their perceived susceptibility to attacks can hinder PMTUD's effectiveness. Some routers utilize Maximum Segment Size (MSS) clamping to communicate their packet size acceptance. The network administrator needs to double-check that this has been correctly configured.
Determining Path MTU Using Ping Command
When PMTUD fails, the Ping command can help determine the optimal MTU size. By utilizing the "Don't Fragment" bit in the IPv4 Ping command, you can iteratively adjust packet sizes until finding the ideal MTU for the network path.
Example Commands (Windows and Linux)
Windows Command:
ping [destination_IP] -f -l [packet_size]
Linux Command:
ping -s [packet_size] -M do [destination_IP]
MTU Problems on the Network Edge, Last Mile, & Data Centres
One of the common challenges faced in networking, particularly on the edge, last mile, and within data centres, is MTU (Maximum Transmission Unit) issues. MTU defines the maximum size of a packet that can be transmitted without fragmentation, and problems often arise when different networking equipment along the path supports different MTU sizes. This can result in packet loss, latency, and degraded performance.
MTU problems typically stem from inconsistent configurations, firmware bugs, or outdated software running on network devices like routers, switches, and firewalls. For example, when packets larger than the supported MTU size attempt to traverse the network, they are either fragmented or dropped entirely. This leads to inefficiencies in data transmission, especially when it comes to edge and last-mile networks, where differing devices may support varying MTU values.
Firmware & Code Bugs
In many cases, MTU issues are directly related to firmware or code bugs in the network devices. Equipment from various vendors might interpret or apply MTU settings incorrectly, leading to mismatches in packet handling. Devices on the last mile, such as Customer Premises Equipment (CPE) or modems, often come with factory-set MTU values that may not match the optimal settings for certain networks, creating performance bottlenecks.
The below is an example of a device that creates MTU headaches, a model of Huawei routers.
Fusion's SD-WAN | Mitigating MTU Problems
Fusion's SD-WAN solution tackles this issue by allowing administrators to override the MTU setting directly on the SD-WAN edge devices. Instead of relying on network devices to negotiate or handle MTU settings, which may lead to inconsistencies, Fusion's SD-WAN can be configured to use a standardised MTU value across all tunnels and paths. For instance, setting the MTU to 1460 ensures that packet sizes are small enough to avoid fragmentation across most typical internet links, while still large enough to minimise the overhead from too many small packets.
By overriding the MTU setting to a consistent value like 1460, Fusion's SD-WAN ensures that:
Packet fragmentation is reduced or eliminated, improving performance.
MTU-related firmware or code bugs in edge devices or last-mile links are bypassed.
The SD-WAN tunnels function optimally across multiple paths, especially over variable-quality last-mile connections like fibre, fixed wireless, and LTE.
Example | Setting MTU to 1460
An example of configuring Fusion's SD-WAN to mitigate MTU issues would be setting the MTU to 1460. This is a safe value that accounts for the overhead introduced by headers in IP packets, particularly when encapsulated within a VPN tunnel or over a service provider network that has its own internal MTU limitations.
In Fusion's SD-WAN management interface, you would:
Navigate to the tunnel settings for each WAN link.
Override the default MTU setting with 1460.
Apply the configuration across all relevant edge devices and paths to ensure consistency.
This simple adjustment ensures the network can handle the MTU limitations imposed by firmware or code bugs without causing packet loss or fragmentation. By standardising the MTU across the SD-WAN deployment, businesses benefit from more predictable performance and fewer troubleshooting issues related to inconsistent MTU handling.
Wrap
MTU, coupled with the TCP/IP headers, forms the actual MTU size. Understanding this value and optimizing it based on the transmission media is crucial for efficient network communication. By troubleshooting MTU issues using PMTUD or Ping commands, network administrators can ensure smoother data transmission and avoid unnecessary fragmentation.
MTU FAQs
What is MTU in Ping?
MTU in Ping refers to the Maximum Transmission Unit, determining the maximum packet size a router or switch can handle. Mismatched MTUs can slow down transmission times due to increased packet processing.
How is MTU calculated?
MTU calculation involves considering the frame's contents excluding the frame header or checksum. Ping calculates the data payload length, which, coupled with TCP/IP headers, represents the Maximum Segment Size (MSS), slightly shorter than the actual packet size.
Process to determine MTU
The process is to move the size up and down in either the Windows or the Linux command from the example above until we figure out the right MTU size. We're basically looking for the largest packet size that won't return an error. The example below led us to a packet size of 1472 bytes. As you can see, a packet size of 1473 was too large, but 1472 bytes happens to be the ideal packet size.
When troubleshooting with a VPN, you should use this process both with and without the VPN enabled. A VPN creates an overlay network where the problem can be amplified. The first test will be to the VPN concentrator and the second test will be using the VPN itself. If the VPN and the networking infrastructure supplying the VPN services disable ICMP, you are up the creek without a paddle.
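The up-and-down search described above can be scripted as a binary search using the Linux ping syntax from the article. This is an added example, not code from the original article or from Fusion; the function names, the 500-byte floor and the 2-second timeout are assumptions.

```shell
#!/usr/bin/env bash
# Added example: binary-search the largest ICMP payload that crosses a path
# with the IPv4 Don't Fragment bit set, then derive the path MTU.

# One DF-flagged probe (Linux ping). Returns 0 if an echo reply came back.
# Assumption: a 2-second wait is long enough for the path under test.
probe_ping() {  # usage: probe_ping <destination> <payload_bytes>
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary search between lo and hi for the largest payload the probe accepts.
# The probe is passed by name so it can be swapped out (e.g. for a simulator).
# Prints the payload size, or returns 1 if even the smallest size gets no
# reply, which is what a path that filters ICMP looks like.
find_max_payload() {  # usage: find_max_payload <probe_fn> <dest> <lo> <hi>
    local probe="$1" dest="$2" lo="$3" hi="$4" mid
    "$probe" "$dest" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$dest" "$mid"; then
            lo=$mid              # fits: search upwards
        else
            hi=$(( mid - 1 ))    # too big (or lost): search downwards
        fi
    done
    echo "$lo"
}

# Path MTU = ICMP payload + 8-byte ICMP header + 20-byte IPv4 header.
payload_to_mtu() { echo $(( $1 + 28 )); }

# Runs only when a destination is given: ./pmtu.sh <destination>
if [ -n "${1:-}" ]; then
    if payload=$(find_max_payload probe_ping "$1" 500 1472); then
        echo "largest DF payload: $payload, path MTU: $(payload_to_mtu "$payload")"
    else
        echo "no reply even at 500 bytes: ICMP is probably filtered" >&2
        exit 1
    fi
fi
```

Run it once against the VPN concentrator's outside address and once against a host reached through the tunnel; the difference between the two results is the encapsulation overhead the tunnel adds.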
Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa.