Skip to main content
Cisco Meraki

Troubleshooting MTU Issues

MTU

The Maximum Transmission Unit (MTU) is the maximum frame size that can be sent between two hosts without fragmentation. The MX uses an MTU size of 1500 bytes on the WAN interface. When a packet is sent from a local host to a host in a remote network, the frame may traverse multiple router hops. If an intermediate router is configured with an MTU size that is too small and the IP header in the datagram has the "Do-not-fragment" bit set, the router informs the sender of an unacceptable maximum packet size with an ICMP "Destination Unreachable-Fragmentation Needed and DF Set" message. The sender will then transmit a smaller frame taking into account the smaller MTU size.

Some routers are configured to drop certain ICMP traffic. If the ICMP error message never makes it back to the sender, it can cause intermittent connectivity issues between the source and destination hosts. 

Troubleshooting

Here are some steps you can take when dealing with an MTU issue.

  1. Make sure your routers do not drop ICMP "Destination Unreachable-Fragmentation Needed and DF Set" messages.
  2. If your router is set to 1500 bytes, try hardcoding it to a smaller size.
  3. Hardcode your clients with a smaller MTU size.
  4. Use DHCP option 26 to set the clients to a smaller MTU size.

 

Note: Please contact Meraki support to modify the MTU size on the WAN link of the MX. The MX does not support Jumbo frames so the MTU cannot be adjusted above 1500.

Ping

Ping can be used to find an acceptable MTU size. Make sure to take into account the 28 bytes for the IP and ICMP headers by subtracting from the packet size. 

Windows
ping www.meraki.com -l 1472 -f

This command will ping host www.meraki.com with 1472 bytes of data and set the "Do-not-fragment" bit. This assumes that you are testing a 1500 byte IP datagram minus the 28 bytes of overhead (IP header). If the results of the ping come back "Packet needs to be fragmented but DF set" try lowering the size of the packet until you receive a successful reply from the destination.

Mac OSX
ping www.meraki.com -s 1472 -D

This command will ping host www.meraki.com with 1472 bytes of data and set the "Do-not-fragment" bit. This assumes that you are testing a 1500 byte IP datagram minus the 28 bytes of overhead (IP header). If the results of the ping come back "Packet needs to be fragmented but DF set" try lowering the size of the packet until you receive a successful reply from the destination.

Additional Resources

For more information on MTU issues, visit the links below

Path MTU Discovery

Recommended TCP/IP settings for WAN links with a MTU size of less than 576

RFC 1191 - Path MTU Discovery

 

  • Was this article helpful?