Network by Example - Datagrams: MTU

2 minute read

Datagrams: MTU

There’s a limit on the size of the frame for carrying the PDU of a protocol in Ethernet, the MTU (Maximum Transmission Unit), usually 1500 bytes.

If IP is sending a Datagram that is larger than the MTU, IP must fragment it into smaller pieces.

Don’t Fragment

To avoid fragmentation problems the IP header Don't Fragment Flag, that forbids any router on the path from performing fragmentation.

When a router is unable to forward a datagram because it exceeds the MTU of the next-hop network and its Don't Fragment bit is set, the router is required to return an ICMP Destination Unreachable message to the source of the datagram, with the Code indicating “fragmentation needed and DF set”.

The rfc6864 updates rfc791, by saying that the doesn’t need to be used (can be always zero) and ignored by endpoints, if and only if the datagram is atomic. An atomic datagram has fragmentation is disabled, by the DF flag.

Path MTU

If 2 hosts are across multiple networks, each link can have a different MTU. For example, 1436 due to GRE tunnels. The Path MTU is the smallest MTU of all the links between the source and destination.

The path can change over time, if a router fails, for example and can be non-symmetric (not the same in both directions).

The path MTU discover (PMTUD) is used to determine the largest size of a packet that can be sent without fragmentation, by using ICMP. When the router is unable to propagate a datagram because it exceeds the MTU of the next-hop network and its Don't Fragment bit is set, the A router must send ICMP type 3 code 4 message, PTB (Packet Too Big), indicating Frag needed and DF set, to the client, which in turn should adjust the MTU setting for that particular connection.

Some firewalls drop ICMP (ICMP black hole), so PMTUD can fail and cause problems. It can be disabled with sysctl -w net.ipv4.ip_no_pmtu_disc=1.

~ $ ping -s 1472 -M do
PING ( 1472(1500) bytes of data.
From icmp_seq=1 Frag needed and DF set (mtu = 1432)
  ## -s: set the size
  ## -M do: set the DF flag

In this example we can test if a router has a low MTU, by setting the DF flag and sending a ping with a large size. If the MTU was set to 1500, the ping would work. If the router is dropping ICMP, we can’t know the MTU.



Leave a Comment