MTU and fragmentation explained

Topic: Networking basics

Summary

MTU is the maximum size of a packet on a link; larger packets may be fragmented or dropped. Use this when connectivity works for small packets but fails for large ones (e.g. large uploads or specific sites), or when tuning performance and path MTU.

Intent: How-to

Quick answer

  • MTU is the maximum IP packet size on a link (e.g. 1500 bytes on Ethernet). If a packet exceeds the path MTU (the smallest MTU along the path), it may be fragmented (IPv4) or dropped with an ICMP "too big" error (IPv6 "Packet Too Big", or IPv4 "fragmentation needed" when DF is set).
  • Symptoms of MTU issues: small packets work (ping), large packets fail; or only certain destinations fail. Fix: reduce MTU on the interface (e.g. 1400) to fit the path, or fix the path (VPN, tunnel) to allow larger MTU.
  • Discover path MTU: ping with a large size and DF set (ping -M do -s 1400 DEST). If you get "fragmentation needed" or no reply, reduce the size until it works; that size plus 28 (IP + ICMP headers) is a safe path MTU. Or use tracepath -n DEST.

Steps

  1. Understand MTU and path MTU

    Each link has an MTU (e.g. 1500 bytes). Path MTU is the minimum MTU along the path. Packets larger than the path MTU are fragmented (if allowed) or dropped with an ICMP "fragmentation needed" error (if DF is set).

  2. Find path MTU

    Run ping -M do -s SIZE DEST, increasing SIZE until you get no reply or 'fragmentation needed'. The largest SIZE that works is the safe payload; path MTU is that plus 28. Or use tracepath -n DEST to see the path MTU.

  3. Fix MTU issues

    Reduce the interface MTU (e.g. ip link set dev eth0 mtu 1400) so outgoing packets fit the path. This is common on VPN or PPPoE links, where encapsulation overhead reduces the effective MTU. Set it on both ends if needed for a symmetric path.

  4. TCP and MSS

    TCP negotiates MSS (max segment size) so segments fit in path MTU. If path MTU changes (e.g. after VPN connect), TCP may need to re-probe (some stacks do this). Reducing interface MTU reduces MSS and avoids black holes.
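
The search in step 2 can be automated. The script below is an added example, not part of the original page: it binary-searches the largest DF-set ping payload that is answered, adds 28 to get the path MTU, and derives the matching IPv4 TCP MSS. The function names, the PROBE override, the default search range, and the -c/-W ping options are assumptions made for this example; it also assumes DEST answers ICMP echo, since a silent host looks the same as a dropped packet.

```sh
#!/bin/sh
# Added example: binary-search the largest DF-set ping payload that gets a
# reply, then derive the path MTU as payload + 28 (steps 2 and 4 above).

# probe_ping SIZE DEST: succeeds if one DF-set echo with SIZE payload bytes
# is answered. Linux iputils flags; -c 1 / -W 2 are choices made here.
probe_ping() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu DEST [LOW] [HIGH]: prints the path MTU, or fails if even the
# LOW payload gets no reply. Defaults (assumed here) span MTU 576..1500.
# PROBE may name a replacement probe function for offline testing.
find_path_mtu() (
    dest=$1 lo=${2:-548} hi=${3:-1472} best=-1
    probe=${PROBE:-probe_ping}
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid" "$dest"; then
            best=$mid; lo=$(( mid + 1 ))   # fits: try larger
        else
            hi=$(( mid - 1 ))              # dropped: try smaller
        fi
    done
    [ "$best" -ge 0 ] || exit 1            # exits only this subshell body
    echo $(( best + 28 ))                  # 20-byte IPv4 + 8-byte ICMP header
)

# mss_for_mtu MTU: IPv4 TCP MSS with no IP or TCP options (MTU - 20 - 20).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Run as: sh pmtu.sh DEST   (pmtu.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
    mtu=$(find_path_mtu "$1") || { echo "no reply even at minimum size" >&2; exit 1; }
    echo "path MTU to $1: $mtu bytes, TCP MSS: $(mss_for_mtu "$mtu")"
fi
```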

Summary

MTU limits packet size on a link; path MTU is the minimum along the path. Use ping with DF to find path MTU; reduce interface MTU if needed. Use this when large packets fail or when tuning over VPN or tunnels.

Steps

Step 1: Understand MTU and path MTU

MTU is per-link; path MTU is the minimum. Packets over path MTU are fragmented or dropped.

Step 2: Find path MTU

Use ping -M do -s SIZE or tracepath to find the largest size that works; derive path MTU.

Step 3: Fix MTU issues

Reduce interface MTU so packets fit the path (e.g. 1400 for VPN or PPPoE).

Step 4: TCP and MSS

TCP uses MSS to fit path MTU; reducing interface MTU reduces MSS and avoids black holes.

Verification

You can find path MTU and fix connectivity for large packets by setting MTU or fixing the path.

Troubleshooting

  • Only large uploads fail: path MTU issue; reduce MTU or fix the path.
  • VPN breaks some sites: the VPN adds overhead; set the tunnel or inner MTU lower (e.g. 1400).
