MTU: Maximum Transmission Unit Explained

MTU (Maximum Transmission Unit) is the largest packet size that can be transmitted over a network link without fragmentation. Understanding MTU is crucial for network performance, troubleshooting connectivity issues, and optimizing data transfer. This comprehensive guide explains MTU, common values, configuration, and troubleshooting.

What is MTU?

MTU is the maximum size of a single packet that can be transmitted over a network interface or link. Any packet larger than the MTU must be fragmented into smaller pieces.

MTU Basics

Definition:

MTU: Maximum packet size in bytes
Includes: IP header + payload
Excludes: Layer 2 headers (Ethernet frame)
Unit: Bytes

Packet structure:

Ethernet Frame (1518 bytes max):
┌──────────────┬──────────────┬─────────────┬─────┐
│ Ethernet Hdr │  IP Header   │   Payload   │ FCS │
│  (14 bytes)  │  (20 bytes)  │ (1460 bytes)│(4 B)│
└──────────────┴──────────────┴─────────────┴─────┘
                ↑─────────────────────────────↑
                      MTU (1500 bytes)

Layer breakdown:

Layer 2 (Ethernet): 1518 bytes total frame
Layer 3 (IP): 1500 bytes MTU
Layer 4 (TCP): 1460 bytes MSS (Maximum Segment Size)

Calculation:
Ethernet frame: 1518 bytes
- Ethernet header: 14 bytes
- FCS: 4 bytes
= MTU: 1500 bytes

MTU: 1500 bytes
- IP header: 20 bytes
- TCP header: 20 bytes
= MSS: 1460 bytes

Common MTU Values

Standard MTU Sizes

Ethernet:

Standard: 1500 bytes
Most common: Default for most networks
History: Defined in 1980s
Compatibility: Universal

Jumbo Frames:

Size: 9000 bytes (common)
Range: Up to 9216 bytes
Use: Data centers, storage networks
Requirement: All devices must support
Benefit: Fewer packets, less overhead

PPPoE (Point-to-Point Protocol over Ethernet):

MTU: 1492 bytes
Overhead: 8 bytes (PPPoE header)
Common: DSL connections
Calculation: 1500 - 8 = 1492

VPN:

Typical: 1400-1450 bytes
Overhead: Encryption headers, tunneling
Varies: By VPN protocol
Examples:
- IPsec: ~1400 bytes
- OpenVPN: ~1400-1450 bytes
- WireGuard: ~1420 bytes

Mobile networks:

3G/4G: 1500 bytes (typically)
5G: 1500 bytes (typically)
Varies: By carrier and technology

Other technologies:

Token Ring: 4464 bytes
FDDI: 4352 bytes
ATM: 9180 bytes
802.11 (WiFi): 2304 bytes (frame), 1500 bytes (IP MTU)

IPv4 vs IPv6

IPv4:

Minimum MTU: 68 bytes (required)
Standard: 1500 bytes
Header: 20 bytes (minimum)
Fragmentation: Allowed

IPv6:

Minimum MTU: 1280 bytes (required)
Standard: 1500 bytes
Header: 40 bytes (fixed)
Fragmentation: Only at source

Comparison:

IPv4 minimum: 68 bytes (very small)
IPv6 minimum: 1280 bytes (reasonable)
Reason: IPv6 discourages fragmentation
Impact: All IPv6 links must support 1280 bytes

MTU and Performance

Impact on Performance

Larger MTU (Jumbo Frames):

Advantages:
- Fewer packets for same data
- Less header overhead
- Reduced CPU usage
- Higher throughput
- Better for large transfers

Disadvantages:
- Requires universal support
- One incompatible device breaks it
- Larger packets more susceptible to errors
- Not suitable for internet

Example:

Transfer 9000 bytes:

Standard MTU (1500):
- Packets: 6 packets
- Headers: 6 × 40 bytes = 240 bytes overhead
- Efficiency: 97.4%

Jumbo frames (9000):
- Packets: 1 packet
- Headers: 1 × 40 bytes = 40 bytes overhead
- Efficiency: 99.6%

Improvement: 2.2% more efficient

Smaller MTU:

Advantages:
- Better for lossy networks
- Faster retransmission
- Less impact per lost packet

Disadvantages:
- More packets
- More overhead
- Higher CPU usage
- Lower throughput

Overhead Calculation

Header overhead:

Ethernet: 14 bytes + 4 bytes FCS = 18 bytes
IP: 20 bytes (IPv4) or 40 bytes (IPv6)
TCP: 20 bytes (minimum)

Total overhead per packet:
IPv4: 18 + 20 + 20 = 58 bytes
IPv6: 18 + 40 + 20 = 78 bytes

Efficiency:

MTU 1500 (IPv4):
Payload: 1500 - 20 - 20 = 1460 bytes
Total: 1500 + 18 = 1518 bytes
Efficiency: 1460 / 1518 = 96.2%

MTU 9000 (IPv4):
Payload: 9000 - 20 - 20 = 8960 bytes
Total: 9000 + 18 = 9018 bytes
Efficiency: 8960 / 9018 = 99.4%

Path MTU Discovery (PMTUD)

How PMTUD Works

Purpose:

Discover smallest MTU along path
Avoid fragmentation
Optimize packet size
Automatic adjustment

IPv4 PMTUD:

1. Send packet with DF (Don't Fragment) flag
2. If packet too large:
   - Router drops packet
   - Router sends ICMP "Fragmentation Needed" (Type 3, Code 4)
   - Message includes next-hop MTU
3. Source reduces packet size
4. Retry with smaller packet
5. Cache MTU for destination

IPv6 PMTUD:

1. Send packet (routers never fragment)
2. If packet too large:
   - Router drops packet
   - Router sends ICMPv6 "Packet Too Big" (Type 2)
   - Message includes next-hop MTU
3. Source reduces packet size
4. Retry with smaller packet
5. Cache MTU for destination

Example:

Source MTU: 1500 bytes
Link 1: 1500 bytes ✓
Link 2: 1400 bytes ✗ (packet too large)
Router: Sends ICMP with MTU 1400
Source: Reduces to 1400 bytes
Link 2: 1400 bytes ✓
Result: Successful transmission

PMTUD Issues

ICMP black hole:

Problem:
- Firewall blocks ICMP
- No "Fragmentation Needed" message received
- Source doesn't know to reduce size
- Connection hangs

Symptoms:
- Small transfers work
- Large transfers fail
- Connection timeout

Solution:
- Allow ICMP Type 3 Code 4 (IPv4)
- Allow ICMPv6 Type 2 (IPv6)
- Reduce MTU manually
- Use MSS clamping

Asymmetric paths:

Forward path: MTU 1500
Return path: MTU 1400
PMTUD: May not discover return path MTU
Result: Potential issues

MTU Configuration

Checking Current MTU

Linux:

# Show MTU for all interfaces
ip link show

# Specific interface
ip link show eth0

# Or
ifconfig eth0

# Output example:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500

Windows:

# Show MTU
netsh interface ipv4 show interfaces

# Or
ipconfig /all

# PowerShell
Get-NetAdapter | Select-Object Name, MTUSize

macOS:

# Show MTU
ifconfig en0

# Or
networksetup -getMTU en0

Setting MTU

Linux (temporary):

# Set MTU
sudo ip link set dev eth0 mtu 1450

# Verify
ip link show eth0

Linux (permanent):

# Debian/Ubuntu (/etc/network/interfaces)
auto eth0
iface eth0 inet dhcp
    mtu 1450

# RHEL/CentOS (/etc/sysconfig/network-scripts/ifcfg-eth0)
MTU=1450

# NetworkManager
nmcli connection modify eth0 802-3-ethernet.mtu 1450

# Apply
sudo systemctl restart networking

Windows:

# Set MTU (requires admin)
netsh interface ipv4 set subinterface "Ethernet" mtu=1450 store=persistent

# Or PowerShell
Set-NetIPInterface -InterfaceAlias "Ethernet" -NlMtuBytes 1450

macOS:

# Set MTU (temporary)
sudo ifconfig en0 mtu 1450

# Permanent (Network Preferences)
# System Preferences → Network → Advanced → Hardware → MTU

Router (Cisco):

interface GigabitEthernet0/0
 ip mtu 1450
 ipv6 mtu 1450

MTU for Specific Scenarios

PPPoE:

# Set MTU to 1492
sudo ip link set dev pppoe0 mtu 1492

# MSS clamping (iptables)
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452

VPN:

# OpenVPN (client config)
tun-mtu 1400
mssfix 1360

# WireGuard
MTU = 1420

Jumbo frames:

# Enable jumbo frames (9000 bytes)
sudo ip link set dev eth0 mtu 9000

# Verify all devices support jumbo frames
# Test with ping
ping -M do -s 8972 target-host

Testing MTU

Ping Test

Find maximum MTU:

# Linux
ping -M do -s 1472 example.com

# Windows
ping -f -l 1472 example.com

# macOS
ping -D -s 1472 example.com

# Explanation:
# -M do / -f / -D: Don't fragment
# -s / -l: Packet size (data only)
# 1472 + 28 (IP + ICMP headers) = 1500 bytes

Binary search for MTU:

# Start high
ping -M do -s 1472 example.com  # 1500 MTU
# If fails, try lower
ping -M do -s 1372 example.com  # 1400 MTU
ping -M do -s 1422 example.com  # 1450 MTU
# Continue until you find maximum working size
# Add 28 to get MTU

Common test sizes:

1472 bytes: 1500 MTU (Ethernet)
1464 bytes: 1492 MTU (PPPoE)
1422 bytes: 1450 MTU (VPN)
1372 bytes: 1400 MTU (conservative VPN)

tracepath

Discover path MTU:

# Linux
tracepath example.com

# Shows MTU at each hop
# Example output:
 1?: [LOCALHOST]                      pmtu 1500
 1:  router.local                      0.5ms
 2:  isp-gateway                       5.2ms pmtu 1492
 3:  core-router                      12.3ms
 4:  example.com                      20.1ms reached
     Resume: pmtu 1492 hops 4 back 4

MTU Testing Tools

iperf3:

# Server
iperf3 -s

# Client (test with different MTU)
iperf3 -c server-ip -M 1400

# -M: Set MSS (MTU - 40)

netcat:

# Send large data
dd if=/dev/zero bs=1M count=10 | nc server-ip 1234

# Monitor for fragmentation
tcpdump -n 'ip[6:2] & 0x1fff != 0'

MSS (Maximum Segment Size)

MSS vs MTU

Relationship:

MSS = MTU - IP header - TCP header

IPv4:
MSS = MTU - 20 - 20 = MTU - 40

IPv6:
MSS = MTU - 40 - 20 = MTU - 60

Example (MTU 1500):
IPv4 MSS: 1500 - 40 = 1460 bytes
IPv6 MSS: 1500 - 60 = 1440 bytes

MSS negotiation:

TCP handshake:
Client → SYN (MSS: 1460)
Server → SYN-ACK (MSS: 1460)
Both use: Minimum of advertised values
Result: No fragmentation for TCP

MSS Clamping

Purpose:

Modify MSS in SYN packets
Prevent fragmentation
Useful for VPN, PPPoE
Transparent to endpoints

iptables (Linux):

# Clamp to PMTU
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# Clamp to specific value
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

# For local traffic
iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

Cisco:

interface GigabitEthernet0/0
 ip tcp adjust-mss 1400

Benefits:

Prevents fragmentation
Transparent to applications
No client configuration
Improves performance

Troubleshooting MTU Issues

Common Symptoms

Connection hangs:

Symptom: Connection establishes but hangs on data transfer
Cause: MTU too large, ICMP blocked
Test: Try smaller packets
Solution: Reduce MTU or allow ICMP

Slow performance:

Symptom: Slow transfers, packet loss
Cause: Fragmentation, MTU mismatch
Test: Monitor for fragments
Solution: Optimize MTU

Intermittent failures:

Symptom: Some sites work, others don't
Cause: Path MTU varies
Test: Test different destinations
Solution: Conservative MTU (1400)

Diagnostic Commands

Check for fragmentation:

# tcpdump
tcpdump -n 'ip[6:2] & 0x1fff != 0'

# Wireshark filter
ip.flags.mf == 1 || ip.frag_offset > 0

# Statistics
netstat -s | grep -i frag

Test connectivity:

# Ping with various sizes
for size in 1472 1400 1300 1200; do
    echo "Testing MTU $((size + 28)):"
    ping -M do -s $size -c 3 example.com
done

Trace path MTU:

# Linux
tracepath example.com

# Shows MTU at each hop
# Identifies bottleneck

Solutions

Reduce MTU:

# Conservative value (works almost everywhere)
sudo ip link set dev eth0 mtu 1400

# Test and adjust
# Start at 1400, increase if stable

Enable PMTUD:

# Ensure ICMP not blocked
# Allow ICMP Type 3 Code 4 (IPv4)
iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT

# Allow ICMPv6 Type 2 (IPv6)
ip6tables -A INPUT -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT

MSS clamping:

# Clamp MSS for all forwarded traffic
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Best Practices

Network Design

1. Consistent MTU:

All links: Same MTU
Avoid: MTU mismatches
Document: MTU values
Test: End-to-end

2. Conservative defaults:

Internet-facing: 1500 bytes (standard)
VPN: 1400-1450 bytes
PPPoE: 1492 bytes
Internal: Can use jumbo frames

3. Enable PMTUD:

Allow: ICMP messages
Monitor: PMTUD failures
Fallback: MSS clamping

Configuration

1. Test before deploying:

Lab environment: Test MTU changes
Production: Gradual rollout
Monitor: Performance and errors
Rollback: Plan ready

2. Document settings:

Record: MTU values per link
Reasons: Why specific values chosen
Changes: Track modifications

3. Monitor:

Fragmentation: Watch for fragments
Performance: Track throughput
Errors: MTU-related issues

Application Development

1. Use TCP:

TCP: Handles MSS automatically
UDP: Must handle MTU manually
Prefer: TCP for reliability

2. Respect MTU:

Don't: Send packets larger than MTU
Do: Use appropriate packet sizes
Test: Various MTU values

3. Handle errors:

Detect: MTU issues
Retry: With smaller packets
Fallback: Reduce size

Conclusion

MTU is a fundamental network parameter that significantly impacts performance and reliability. Understanding MTU, configuring it correctly, and troubleshooting MTU-related issues are essential skills for network administrators and developers. While 1500 bytes is the standard for Ethernet, various technologies require different MTU values, and Path MTU Discovery helps optimize packet sizes across diverse networks.

Related Articles

Network Performance

• IP Fragmentation - Fragmentation issues
• Routing - Path MTU Discovery
• ICMP - PMTUD messages
• Network Troubleshooting - MTU problems

Network Types

• VPN Basics - VPN MTU
• IoT Networking - IoT MTU considerations
• Mobile IP - Mobile MTU

Protocols

• TCP/IP Model - Protocol stack
• IPv6 vs IPv4 - MTU differences

Explore More

• Networking Basics - Essential concepts

Key takeaways: - MTU: Maximum packet size without fragmentation - Standard: 1500 bytes (Ethernet) - Jumbo frames: 9000 bytes (data centers) - PPPoE: 1492 bytes - VPN: 1400-1450 bytes - IPv6 minimum: 1280 bytes - PMTUD: Discovers path MTU automatically - MSS: TCP's MTU equivalent (MTU - 40) - Fragmentation: Avoid through proper MTU - Testing: Ping with DF flag, tracepath - MSS clamping: Prevents fragmentation - Best practice: Consistent MTU, enable PMTUD

Proper MTU configuration is essential for optimal network performance. Use standard values (1500 bytes for Ethernet) unless specific requirements dictate otherwise. Enable Path MTU Discovery, allow necessary ICMP messages, and use MSS clamping for VPN and PPPoE connections. Test MTU thoroughly before deployment and monitor for fragmentation and performance issues.