MTU 101

MTU stands for Maximum Transmission Unit. This is the amount of data that can be transmitted by one protocol. MTU is used at every layer of the OSI stack, but it’s value is closely related to the layer/protocol.

On a router

Layer 2 – mtu

On a router, the mtu command applied on an interface defines the value of the L2 payload. This means how much data a L2 frame can contain, without the L2 header or trailer. By default, this value is 1500 Bytes on Serial and FastEthernet interfaces, but it can be changed with:

R(config-if)# mtu BYTES
! Default: 1500

To see the current value used as the L2 MTU, use:

R# show interface INTERFACE | i MTU
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

As you will see in the next section, on a Cisco device the mtu and the ip mtu values refer to the same portion of a packet. The value defined for the L2 MTU is closely related to the value defined for the L3 MTU because the L3 MTU can’t be larger than the L2 MTU. When setting the L2 MTU to a value lower than L3 MTU, the L3 MTU also changes. When setting the L3 MTU you can’t set a value larger than L2 MTU, but it can be lower. The L2 MTU doesn’t change. When a router receives a frame that is larger than the L2 MTU (comparing only the L2 payload), the packet is dropped.

Layer 3 – ip mtu

On a router, the ip mtu command applied on an interface defines the size of the L3 packet, including its headers. As you can see, this represents the same portion as the one used as the L2 MTU. By default, the L3 MTU value for Serial or FastEthernet connections is 1500 Bytes, same as the default L2 MTU. You can change it with:

R(config-if)# ip mtu BYTES
! Default: 1500

To see the current value used as the L3 MTU, use:

R# show ip interface INTERFACE | i MTU
  MTU is 1500 bytes

If you need to send L3 packets that are larger than the IP MTU, fragmentation occurs. The router will split the original packets in packets that can be accommodated by the L3 MTU size. Well, this works as long as the packet doesn’t have the DF(Don’t Fragment) bit set. If such a packet arrives and the L3 MTU is smaller than the packet size, then the packet is dropped and an ICMP message is generated (packet too big)

Layer 4 – ip tcp mss

On a router, the MSS (Maximum Segment Size) represents the MTU value for TCP – How much data can a TCP packet contain. This value is negotiated during TCP handshake and is chosen as the smallest value configured on the sender or the receiver. When a Cisco Router is a sender or a receiver, it uses a MSS value of 1460 Bytes for local destinations (same subnet) and 536 bytes for remote destinations. This value can be changed with:

R(config)# ip tcp mss BYTES

When a router is neither the sender, nor the receiver it can intercept TCP packets and modify the MSS value to prevent dropping larger packets than the network would accept. To enable this, use:

R(config)# ip tcp adjust-mss BYTES

On a switch

Layer 2 – system mtu

On a switch you can’t configure individual MTU values for every port. Instead, a global MTU value is configured that is used on all ports. This value only changes when the router reloads. The definition for the L2 MTU is the same as for routers and has the same default value: 1500 Bytes. It can be changed with:

Sw(config)# system mtu BYTES
! Default 1500. Max:1998. Requires reload

When a switch receives frames that are larger than the L2 MTU, it drops them.

Sw# show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 1550 bytes
Routing MTU size is 1500 bytes.

Layer 2 – system mtu jumbo

For Gigabit interfaces, the value for Jumbo MTU is used. To configure the switch to support Jumbo frames on Gigabit ports, use:

Sw(config)# system mtu jumbo BYTES
! Default 1500. Max: 9000. Requires reload

If a switch receives frames larger than the JUMBO MTU, it drops them. If a switch receives a frame larger than the L2 MTU, but smaller than the JUMBO MTU, it will still drop them if they are destined for a FastEthernet port, regardless of the port they were received on.

Sw# show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 1550 bytes
Routing MTU size is 1500 bytes.

Layer 3 – system mtu routing

This value represents the L3 MTU size and can’t be bigger than the L2 MTU size. If the L2 MTU size is set lower than the L3 MTU size, the L3 MTU size will also change after reload. This value is also used by OSPF when advertising its MTU. To change it, use:

R(config)# system mtu routing BYTES
! Default 1500. Doesn't require reload

To verify, use:

Sw# show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 1550 bytes
Routing MTU size is 1500 bytes.

When to worry about MTU

Usually, the default MTU size is not modified, unless the devices work in an environment where additional encapsulation is used. Additional encapsulation occurs in the following situations:

  • L2 frames encapsulated in other L2 frames

    • PPPoE: the L3 MTU of the PPPoE interface should be set to 1492.

    • Q-in-Q Tunneling: The L2 MTU should be set to 1504

  • L3 packets are encapsulated in other L3 packets

    • GRE Tunneling: Adds 24 Bytes to the IP Header, so when crafting packets, the router will limit the L3 size to MTU-24 Bytes, in order to accomodate the packets on the network. Fragmentation may occur

    • Other L3 Tunnels

  • MPLS – adds 4 bytes for each label. For MPLS L3 VPN, there are 2 labels, so 8 Bytes. E.g. if L2 MTU is 1500, L3 packets larger than 1492 Bytes will be fragmented (or dropped). Some hardware allow you to set an MPLS MTU that is larger than L2 MTU, in order to reduce fragmentation. (See Baby Giants)

The problems are not always obvious because only packets that are very close in size to the maximum MTU, when adding extra encapsulation will become larger in size than the allowed MTU. Usually, normal pings are smaller and don’t get dropped. A better way to test it is to use large ping packets with the DF bit set:

R# ping IP-ADDR size 1500 df-bit

Actually, this is the method used by the Path MTU Discovery (PMTUD) process. In order to avoid fragmentation, which adds additional delay, a host that supports PMTUD can discover what is the largest MTU on the path to the destination, and only send packets large enough not to be fragmented or dropped. You can enable this functionality when a router is the sender with:

R(config)# ip tcp path-mtu-discovery [age-timer TIMER|infinite]

Last updated