Troubleshooting MTU Issues
MTU
The Maximum Transmission Unit (MTU) is the maximum frame size that can be sent between two hosts without fragmentation. The MX uses an MTU size of 1500 bytes on the WAN interface. When a packet is sent from a local host to a host in a remote network, the frame may traverse multiple router hops. If an intermediate router is configured with an MTU size that is too small and the IP header in the datagram has the "Do-not-fragment" bit set, the router informs the sender of an unacceptable maximum packet size with an ICMP "Destination Unreachable-Fragmentation Needed and DF Set" message. The sender will then transmit a smaller frame taking into account the smaller MTU size.
Some routers are configured to drop certain ICMP traffic. If the ICMP error message never makes it back to the sender, it can cause intermittent connectivity issues between the source and destination hosts.
Troubleshooting
Here are some steps you can take when dealing with an MTU issue.
- Make sure your routers do not drop ICMP "Destination Unreachable-Fragmentation Needed and DF Set" messages.
- If your router is set to 1500 bytes, try hardcoding it to a smaller size.
- Hardcode your clients with a smaller MTU size.
- Use DHCP option 26 to set the clients to a smaller MTU size.
- If your packet is traversing over Auto VPN, you will need to account for up to 69 bytes of overhead when determining MTU size (the overhead size will vary depending on the packet size).
Note: Please contact Meraki support to modify the MTU size on the WAN link of the MX. The MX does not support Jumbo frames so the MTU cannot be adjusted above 1500. The MTU value on the LAN-side of the MX is also 1500.
Note: Max MTU for PPPoE uplink will be 1492 = 1500-8 bytes PPPoE header, and cannot be adjusted to a higher value.
Ping
Ping can be used to find an acceptable MTU size. Make sure to take into account the 28 bytes for the IP and ICMP headers by subtracting from the packet size.
Windows
ping www.meraki.com -l 1472 -f
This command will ping host www.meraki.com with 1472 bytes of data and set the "Do-not-fragment" bit. This assumes that you are testing a 1500 byte IP datagram minus the 28 bytes of overhead (IP header). If the results of the ping come back "Packet needs to be fragmented but DF set" try lowering the size of the packet until you receive a successful reply from the destination.
Mac OS X
ping www.meraki.com -s 1472 -D
This command will ping host www.meraki.com with 1472 bytes of data and set the "Do-not-fragment" bit. This assumes that you are testing a 1500 byte IP datagram minus the 28 bytes of overhead (IP header). If the results of the ping come back "Packet needs to be fragmented but DF set" try lowering the size of the packet until you receive a successful reply from the destination.
Additional Resources
For more information on MTU issues, visit the links below:
Recommended TCP/IP settings for WAN links with an MTU size of less than 576