IP MTU and MSS question

Hi, I have a question regarding IP MTU and MSS which is slightly confusing me. Your lesson on it was very useful; however, I was wondering, in your example regarding the packets not working when you changed the IP MTU to 1400, was this due to the fact that since the MSS value was not changed, the MSS was making the packet larger and made it 1500 bytes?

Thanks for the help

Hello Michael

First of all note that there are two different MTU commands: mtu 1400 and ip mtu 1400. The first is the maximum allowed frame size, the second is the maximum allowed packet size.

When the MTU size was changed on the interface to 1400, what was changed was the allowed frame size. So IP packets were still up to 1500 bytes in length, but when they reached Fa0/0 and were re-encapsulated by the router, going from layer 3 (max 1500 bytes allowed) to layer 2 (max 1400 bytes allowed), the packet does not become encapsulated and thus is dropped.

When the IP MTU size was changed on the interface, what the router would do is create a packet of up to 1400 bytes, and the segments, even if they are larger, will be fragmented if necessary. By also configuring ip tcp adjust-mss 1360 we are confirming that all segments will fit into the IP MTU which will in turn fit into the MTU thus ensuring that no fragmentation occurs either at the layer-4-to-layer-3 encapsulation or at the layer-3-to-layer-2 encapsulation allowing for a much more efficient transmission.

I hope this has been helpful!

Laz

Hi Laz

Thanks for the reply and thank you for the clear and descriptive answer. I just have one more question. Am I correct in saying that if I leave the MTU at 1500 bytes and set the IP MTU to 1400 along with the payload to be 1360 bytes, could that leave the 100 bytes left over to be used for such things like MPLS, IPsec and GRE to take advantage of the extra 100 bytes?

Thanks again

Hello Michael

If you configure the IP MTU of that interface to be 1400, then all packets exiting it will always be 1400. In the specific topology in the lesson, the fact that the Layer 2 MTU is 1500 on the same interface doesn’t give any “room” to other protocols to function. However, there are situations where this logic of the allowance of additional headers for MPLS, IPSec, GRE and QinQ in MTU size is important.

For example, if the MTU (Layer 2) is set to 1500 on the interface of a switch that is a trunk, and the other end of the link is connected to a switch that is configured to operate using QinQ, then the MTU of the second switch (and all downstream interfaces) should be at least 1504 bytes to accommodate the additional tag of 4 bytes. (For more details, check out this Lesson.)

In another example, if the IP MTU (Layer 3) is 1360 on a switch port and this is connected to a router that encapsulates all traffic using IPSec, then the router interface (and all downstream interfaces) should be able to accommodate an IP MTU of 1360 bytes + IPSec Header size which can reach over 120 bytes depending on the kind of encryption used.

So when trying to “fit” smaller MTUs into larger ones for the purpose of using the technologies mentioned, it is important that the MTU sizes downstream be large enough to accommodate the extra overhead necessary for the specific protocol being used. The configuration of MTU and IP MTU on the same interface do not involve the overhead of these protocols.

I hope this has been helpful!

Laz

Okay, so how does normal VLAN tagging work then? If I have an MTU of 1500 by default on a switch + 14 bytes from Ethernet, but 4 extra bytes from a VLAN tag which passes through, why does that work when the normal default setting on a switch is set to 1500?

Thanks for the help, this is confusing

I read this http://rickardnobel.se/the-vlan-802-1q-tag-part-1/ article that states the maximum frame size is 1518 bytes and that when the VLAN tag is inserted it goes up to 1522 bytes. If the MTU by default is 1500 bytes, how are the extra 4 bytes allowed?

I’m coming back after reading a few more articles and would like to present a scenario, and you could let me know if I’m right or wrong in what I said, thanks.
I have a normal TCP connection set up but with GRE added on top. The MTU is 1500 for the interface. GRE is an extra 24-28 bytes on top of the normal packet, so I would subtract 24 off 1500, which would give me 1476, and as a result I would set the IP MTU at 1476 and then subtract another 20 for the IP header of the IP MTU and 20 for the TCP header. This would leave me with 1436, which is what I would set as the MSS.
Does this seem right?

Thanks again

Hello again Michael

I will attempt to answer your questions one by one below:

When configuring the MTU size (L2) what you are actually specifying is the size of the payload that an Ethernet frame can carry. This means that an ethernet frame that exits an interface with an MTU of 1500 may be up to 30 bytes larger including header and trailer. (up to 26 bytes for header + 4 for trailer. See below for explanation). But this doesn’t affect the MTU since headers and trailers of the Ethernet frame are not included in this size.

There are different ways of referring to the header of an Ethernet frame. Some include the preamble, some do not, so the numbers can often vary. The official 802.3 Ethernet frame header has the following fields:

  • 7 bytes preamble
  • 1 byte delimiter
  • 6 bytes destination MAC
  • 6 bytes source MAC
  • 4 bytes 802.1Q Tag
  • 2 bytes Ethertype
    =26 bytes

And the trailer adds an additional 4 bytes FCS.

Once again, these values above are not included in the MTU.

Unlike the L2 MTU, the IP MTU includes the IP header in its value, so IP headers (as well as all additional headers such as GRE, IPsec, and upper layer headers) are included in this value. So if you have an interface MTU of 1500 you must have an IP MTU of 1500-28 (use the max value for GRE) = 1472 bytes.

The MSS MTU does not include the TCP header or the IP header, so both of those should be subtracted. So the MSS MTU should be 1472-40=1432.

So your logic is essentially correct if you use the lower limit of the GRE header size of 24.

I hope this has been helpful!

Laz
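The arithmetic in the replies above (ip mtu 1400 with adjust-mss 1360, and the GRE budget of 1472/1432), together with what happens to a full-size segment when the MSS is not clamped, as an added example that is not part of the original thread. It assumes IPv4 and TCP headers without options (20 bytes each); the function names are illustrative.

```python
IP_HDR = 20    # IPv4 header without options (assumption)
TCP_HDR = 20   # TCP header without options (assumption)

def budget(link_mtu, encap_overhead=0):
    """Return (ip_mtu, mss) for a link MTU and a per-packet tunnel overhead."""
    ip_mtu = link_mtu - encap_overhead
    return ip_mtu, ip_mtu - IP_HDR - TCP_HDR

def fragment(packet_len, ip_mtu):
    """Sizes of the IPv4 fragments produced for one packet at a given IP MTU.

    Every fragment carries its own IP header, and every fragment except
    the last must carry a payload that is a multiple of 8 bytes.
    """
    if packet_len <= ip_mtu:
        return [packet_len]
    max_payload = ip_mtu - IP_HDR
    aligned = max_payload // 8 * 8
    payload = packet_len - IP_HDR
    sizes = []
    while payload > 0:
        chunk = payload if payload <= max_payload else aligned
        sizes.append(chunk + IP_HDR)
        payload -= chunk
    return sizes

def check(mss, ip_mtu, df=False):
    """Fate of a full-size TCP segment (MSS bytes of data) at this hop."""
    packet_len = mss + IP_HDR + TCP_HDR
    frags = fragment(packet_len, ip_mtu)
    if len(frags) == 1:
        return "fits", frags
    if df:
        # DF set: the router drops the packet and returns ICMP type 3 code 4
        return "dropped", []
    return "fragmented", frags

if __name__ == "__main__":
    print("ip mtu 1400         ->", budget(1400))       # MSS from the first reply
    print("GRE, 28 B overhead  ->", budget(1500, 28))   # figures from this reply
    print("GRE, 24 B overhead  ->", budget(1500, 24))   # Michael's scenario
    print("MSS 1460 @ 1400     ->", check(1460, 1400))
    print("MSS 1460 @ 1400, DF ->", check(1460, 1400, df=True))
    print("MSS 1360 @ 1400     ->", check(1360, 1400))
```

The unclamped case costs two packets and an extra 20-byte header for every full segment, while the clamped segment crosses the same hop as a single 1400-byte packet.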

Thanks for the response again, I think I have the concepts down pretty much now. There is just one thing that is bothering me, on this site below:
https://wiki.mikrotik.com/wiki/Manual:Maximum_Transmission_Unit_on_RouterBoards

It states that the VLAN tag is included in the L2 MTU, which is confusing me.

Hello Michael

After further researching this topic, I have found that the term MTU is not standard across all platforms and vendors. Juniper as well as Mikrotik seem to define it differently. Some include the VLAN tags and others do not. Even Cisco is somewhat inconsistent with its definitions, as Cisco IOS defines MTU as the payload of the frame while the IOS-XR operating system includes the header of the frame in its calculation. As Cisco states:

In the classical Cisco IOS software (not the Cisco IOS XR software), the interface mtu command configures the L2 payload size, but does not include the L2 header. This is different from the Cisco IOS XR software which includes both the L2 and L3 overhead in the interface mtu command.

So it is important to determine how each platform views the MTU and configure accordingly. Here on networklessons however, we stick to the definitions as defined and used in the CCNA/CCNP/CCIE certifications.

I hope this has been helpful!

Laz

Hi, I want to say thanks so far for all the help and information provided. I only have one more question regarding all this now then.

I think I understand pretty much everything I’ve read in regards to it now. One thing I genuinely cannot wrap my head around though is the whole subtracting part of a packet to create a new IP MTU so it can pass through an interface without fragmentation.
I understand fragmentation; what I don’t understand is, for example:
Interface MTU 1500
IP MTU 1500 (IP header 20 bytes TCP 20 bytes Payload 1460 bytes)
If I started using GRE, which adds another 28 bytes on top of the 1500 IP MTU, time after time I have read that you should subtract 28 from 1500, which is 1472, and then another 40 for the IP and TCP headers to make an MSS of 1432. The IP MTU includes all packets in the IP field at layer 3 anyway, so why not just subtract 28 from 1460, which gives you 1432 as well, and just leave it at that with the IP MTU still at 1500? Why make the IP MTU smaller when it has to fit another IP packet into it?

Very confusing, haha.

Hello Michael

When using GRE, there are two interfaces involved. The GRE tunnel interface and the physical interface. So there are two IP MTUs that must be configured. The GRE tunnel interface IP MTU is, by default, 24 bytes less than the physical interface IP MTU, so the GRE interface IP MTU is 1476. This adds another variable into the equation to “get your head around!”

I suggest you check out this excellent document published by Cisco that deals with MTU and MSS issues with GRE and IPsec tunnels and fragmentation. It is very detailed and I believe you will find it useful for your question.

I hope this has been helpful!

Laz