This article will discuss all related topics to get you familiar with the CCIE 1.1.d IP MTU section.
When discussing IP MTU one needs to be familiar with the minimum values available:
IPv4 MTU – 68 – 64,000 Bytes
IPv6 MTU – 1280 to 64,000 (4GB possible)
The most common IP MTU you will find is 1500.
IP MTU is the IP header (v4 or v6) and everything inside of it.
For example, here are the sizes for a TCP or ICMP packet.
1. TCP PACKET:
IP header – 20 bytes
TCP header – 20 bytes
TCP payload – ranges from 1-1460
= MAX 1500
2. ICMP PACKET:
IP header – 20 bytes
ICMP header – 8 bytes
ICMP payload – ranges from 1-1472
= MAX 1500
UDP is very similar to the ICMP example as the UDP header is also 8 bytes.
Now we know IP MTU and what it means. It is the max size an IP packet can be as configured by us.
We cannot talk about IP MTU without also discussing ethernet MTU.
Again, when discussing IP MTU, it means IP header and everything above it. But what if we took the ethernet headers into account?
Note: In all of its reference commands, cisco does not include ethernet headers into accounting the MTU.
Here are values that you should know when calculating ethernet MTU:
Ethernet header with frame check sequence: 18 bytes
note: When caputing this in Wireshark, wireshark will not show the FCS so you will only see 14 Bytes for L2 header without dot1q.
802.1Q (VLAN) header: 4 bytes
Again, in wireshark you will see an ethernet header of 14 bytes, and a 802.1q header of 4 bytes, you are to assume the FCS of 4 more bytes is there but not seen.
Of course vlan tagging changes per link, whether we are tagging the frame or utilizing the native vlan feature.
Hence why the real ethernet MTU may fluctuate between 1518 and 1522 for max size payloads with default values.
However, all of that is for you to know, and not apply to the config. As Cisco configs reference Ethernet MTU as everything above the L2 headers.
Meaning if we were not carrying IP, but something like IPv6, or ARP, or CLNS, then Ethernet MTU would still apply. However if we were changing values for IP MTU,
then that value only applied to IP traffic routed through us, sourced from us, or destined to us. We would still be under the confinements of the Ethernet MTU settings.
You just need to be aware of both.
Basically, IP MTU can be equal to or less than the Ethernet MTU, but never more.
This gets EVEN MORE CONFUSING when testing for MTU issues on different platforms. A great example…
Say you were troubleshooting MTU from a windows machine, if you ping with the -l parameter, you need to take into account the IP and ICMP headers and make sure to test with
ping 18.104.22.168 -l 1472 -f , that is how you would send a ping to 22.214.171.124 with a payload of 1472 and a total IP MTU of 1500 (with don’t fragment bit set).
Now if you were on a Cisco router, you could just do ping 126.96.36.199 1500 df-bit, the router would take into account all of the headers and make sure to only send an ICMP packet with a payload of 1472, and the DF BIT in the ip header.
So when would you have a higher ethernet MTU than IP MTU? When you are using advanced techniques: MPLS, double vlan tag.
Then there are situations where you might lower the IP MTU and keep the ethernet MTU at 1500, again tunneling. This time things like IPSEC which need more room after the IP header for ESP or AH.
To increase the ethernet mtu for 1Gbps and 10Gbps interfaces on a Catalyst L3 switch we use the command
system mtu jumbo xxxx
To increase it for 10 and 100Mbps interfaces use
system mtu xxxx
To increase the IP MTU for routing, sourcing and replying to traffic, use
system mtu routing xxxx
How would you verify MTU on a catalyst L3 switch?
show system mtu
An excellent post by Narbik
Another blog post by shereif that hits all of the points I did (literally, it seems very similar, this guy is smart)