How to check supported MTU value for destination system and/or intermediate network ?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (All versions)

Issue

  • How to test a particular MTU value is support?
  • How I can check if this MTU size is supported by each Network Card?
  • Is there any checklist to verify our environment is prepared for enable MTU change?
  • How to test the custom Jumbo Frames are supported?

Resolution

ⓘ Important ⓘ

  • MTU tests must be done in both directions from each system in order to fully confirm Path MTU. The client will send "ICMP Echo Request" with Do-Not-Fragment set (ip.flags.df=1) however the "ICMP Echo Response" might not have Do-Not-Fragment set.
  • If ICMP Echo traffic is enabled on the network and systems, then use ping or tracepath (or both).
  • If ICMP Echo is blocked, then use tracepath.
  • The external network must return "ICMP Fragmentation Needed and DF Set" messages to detect Path MTU.

ping command (ICMP)

# ping -M do -s 1472 DESTINATION
# ping -M do -s 8972 DESTINATION

There is an overhead of 28 bytes for the packet size, 8 bytes for ICMP header and 20 bytes for the IPv4 Header, so subtract 28 bytes from the MTU to test. MTU 1500 minus 28 equals 1472. MTU 9000 minus 28 equals 8972.

By adjusting the -s size value it is possible to find the supported Path MTU value in the network.

Verification

If the MTU is configured on the client system and on the destination, everything is working, the output will be:

PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx): 8184 data bytes
8192 bytes from xxx.xxx.xxx.xxx: icmp_seq=0 ttl=128 time=0.714 ms

If the MTU value is not configured on the client system, the output will be:

PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx): XXXX data bytes
ping: sendto: Message too long

If the MTU value is configured on the client system but not on the destination, and the destination's response sets Do-Not-Fragment, the output will be:

PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx): XXXX data bytes
Request timeout for icmp_seq 0

tracepath (UDP)

# tracepath DESTINATION

Tracepath sends with a large packet size and relies on "ICMP Fragmentation Needed and DF Set" messages to calculate the Path MTU.

If the external network does not provide "ICMP Fragmentation Needed and DF Set" messages, the packet size can be manually set:

# tracepath -l 1500 DESTINATION
# tracepath -l 9000 DESTINATION

There is no need to manually calculate a difference from the MTU.

Verification

If the network is working and provides ICMP responses, the output will look like:

 1?: [LOCALHOST]                      pmtu 1500
 2:  hop.example.com                  21.818ms 
 3:  192.0.2.62                       12.390ms
 4:  192.0.2.116                      14.193ms
 5:  192.0.2.15                       12.575ms
     Resume: pmtu 1500 hops 5 back 5

The calculated Path MTU is printed like pmtu 1500.

If the network is not working, or the network does not provide ICMP responses at all, the output will be:

# tracepath DESTINATION
 1:  no reply
 2:  no reply
 3:  no reply
 4:  no reply

End the command with the Ctrl+c keypress.

It is possible that some hops of the network path will provide ICMP responses so they will provide a printed hop, while other hops of the network path will not provide ICMP responses so they will say no reply.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments