

Internet Web Server - What is the optimized MTU?

Posted on 2002-03-04
Medium Priority
Last Modified: 2013-11-29


I have a Linux web server in a hosting facility connected to the Internet on multiple T1/E1 leased lines. I was reading about MTU / MSS and fragmentation, etc.

Since my web server services all types of clients on the net, e.g. dial-ups, ISDNs, DSLs, corporate LANs, etc., wouldn't the default Ethernet MTU of 1500 bytes cause datagrams to be fragmented when the IP datagrams are delivered to e.g. dial-up clients with MTU of 576 bytes?
This would result in slower delivery, but if the Don't Fragment (DF) flag was instead checked, it would also cause problems if the ICMP packets could not make it back to the server?

How is this handled in the "real-world" Internet?
And what is the optimized settings for the MTU of my web server..??

Please advise... Thanks

Question by:thiamwah

Accepted Solution

n0thing earned 300 total points
ID: 6839694
I would suggest you just leave the default MTU of 1500 alone. Since you're serving many different clients, changing the default MTU will affect many more clients on faster connections, and reducing it won't help the clients on dialup connections either. The IP stacks of the clients connecting to your server will auto-negotiate the Windows size (MTU) depending on their connection, so you don't have to worry about that.


Expert Comment

ID: 6839828
I have never personally configured it, but I know that many web site administrators use path MTU.  This is a method of determining the largest MTU in the path from server to client by sending out the first packet with a large size and the DF bit set.  Any devices in the path with smaller MTU will respond via ICMP and tell the server what size it can handle.  The server can then send at the optimum size for the path.

I will say though that this opens up a large can of worms, as some ICMP packets will get blocked by customer firewalls and you will need to open up certain ICMP types to your web server through your firewall.  Many times, this will cause failed sessions and irate customers.  However it is still used fairly often these days.

Other than that, I would stick with 1500.
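
The behaviour described in this comment, as an added example that is not part of the original thread: a toy Python model of path MTU discovery with the DF bit set, first with ICMP allowed and then with a firewall dropping the ICMP replies. The hop MTUs, function names and the fallback policy are constructed for illustration.

```python
# Toy model of RFC 1191 path MTU discovery; hop MTUs and names are constructed.

def send_df(size, hop_mtus, icmp_filtered_from=None):
    """Send one DF-flagged packet of `size` bytes across links with the given MTUs.

    Returns ("delivered", None), ("frag_needed", mtu) or ("timeout", None).
    icmp_filtered_from: index of the first link behind a firewall that drops
    ICMP, so routers at or beyond it cannot report back to the sender.
    """
    for i, mtu in enumerate(hop_mtus):
        if size > mtu:  # router may not fragment: it drops the packet and reports
            if icmp_filtered_from is not None and i >= icmp_filtered_from:
                return ("timeout", None)      # the ICMP error never arrives
            return ("frag_needed", mtu)       # ICMP type 3 code 4 with next-hop MTU
    return ("delivered", None)

def discover(hop_mtus, start=1500, icmp_filtered_from=None,
             max_timeouts=3, fallback=576):
    """Return (working_size, log). After max_timeouts silent drops, assume a
    black hole and retry at `fallback` (a simplified probing policy)."""
    size, timeouts, log = start, 0, []
    while True:
        result, mtu = send_df(size, hop_mtus, icmp_filtered_from)
        log.append((size, result))
        if result == "delivered":
            return size, log
        if result == "frag_needed":
            size, timeouts = mtu, 0           # adopt the reported MTU and resend
            continue
        timeouts += 1
        if timeouts >= max_timeouts:
            if size <= fallback:
                raise RuntimeError("path unusable even at fallback size")
            size, timeouts = fallback, 0

PATH = [1500, 1492, 576]   # constructed: Ethernet, PPPoE-sized link, dial-up link

if __name__ == "__main__":
    print(discover(PATH))                        # ICMP allowed: two reports, then success
    print(discover(PATH, icmp_filtered_from=1))  # ICMP filtered: stalls, then falls back
```

With ICMP allowed the sender converges in three packets; with it filtered, every full-size packet is silently lost until the sender gives up and drops to the fallback size, which is the failed-session symptom the comment warns about.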
LVL 24

Expert Comment

ID: 6839930
I'll go along with the use of default, to keep it simple. Unless you know otherwise for specific platforms.

I want to believe either highest or lowest value can add value, depending on environment, and that the parameter max ought to be a little higher than most set it, but it depends on vendor, mixture, and whether or not headers are counted.

But real world not that way. I've seen where people have reconfigured their client's MTU to reduce jobs from hours to minutes, one going higher, another lower. Go figure. Any case, it is one of those tuning things that it helps to experience first hand. One hopes default accounts for that.

A related client example is that at least one shrinkwrap vendor for remote management had one version tuned quite well for a Netware environment, but it was slow for their TCP/IP upgrade, so they changed the parameter (impacting Netware).

What you may want to check out if curious is MTU for Token Ring vs Ethernet. Most now use the Ethernet max (lower). MSS is typically MTU minus TCP&IP 40 byte header. Connections are further discussed in RFC 1191. Many find easier reading, in general, through certain publishers like O'Reilly and New Riders.

The tuning game of parameters can vary based on servers, platforms and router capability. Older systems are more likely to provide better performance with the lower values than newer systems.

> dial-up clients with MTU of 576 bytes ?

What if.. WAN has MTU at 520 (with 500 data)? IP spec is 576 min datagram. Since size can be negotiable, rule of thumb is that the better overall is highest value that is permitted for most of the paths.

On significance, we had server moved to route via gigabit, a dramatic speed increase. Application that had taken minutes began to take hours. Adjusting MTU in Windoze restored the response time for the application. So you are correct in assuming the parameters can impact performance.

IMO, best overall is to go with defaults like this unless you know otherwise. You can always set up tests of alternatives, for specific situations, and reconfigure accordingly. Generally, it runs better at higher values, and better at values that are set the same for the most communicators.

LVL 24

Expert Comment

ID: 6839943
> And what is the optimized settings for the MTU of my web server..??

Interesting side question... for those with many servers, and load balancing implemented, would they try to specialize by having tuned one server with one MTU, another with another...

Author Comment

ID: 6840424
> I have never personally configured it, but I know that many web site administrators use path MTU.  This is a method of determining the largest MTU ...

I read up on Path MTU. Pretty cool :)
Is path MTU negotiated for every Internet client that attempts to connect to my server? Wouldn't that add quite a bit of overhead to the whole process?

LVL 16

Expert Comment

ID: 6841698
No, Path MTU is -- right or wrong -- considered to be a security problem on the internet and it may or may not help you because all routers between you and the requestor would need to be configured to support it and I can pretty much guarantee that they won't.

As sunbow points out, you can dramatically alter performance using this parameter under certain conditions. But GENERALLY those "conditions" don't exist in a public network . . . conditions such as predictability of packet size (for example if 99.9% of the volume of your traffic was in 128-byte chunks -- like my network -- altering MTU would have no effect). On the other hand if you have lots of huge web pages to dump to the internet, you'd see performance improvements with larger packet sizes. But this is so general that it's almost useless.

Lots of serious people put protocol analyzers at different points in their network to determine just what the packet size mix actually is and then adjust the MTU accordingly.

Ethernet default MTU is 1500 bytes on most operating systems including NT. One interesting fact is that NT uses a default MTU of 576 bytes if the destination network is different from the source network. In other words when I FTP a file from to an MTU of 1500 bytes is used. When I FTP a file from to the MTU gets set to 576 bytes because Microsoft decided that if you are doing something like this you must be traversing the internet and they want to be good internet non-packet-fragmenting neighbors. But if is on a 100 Mbit network segment attached to a router with an ATM card with a network address of then a 576 byte MTU is pretty inefficient . . . for FTP anyway.

Good luck.
LVL 16

Expert Comment

ID: 6841780
"No" is my answer to your question about whether every connection inbound on your server does path MTU discovery. And MTU is NOT negotiated, path MTU simply reports back to the originator what the smallest MTU for the path is and your machine sets MTU for that value . . . I suppose that is technically some form of negotiation . . . But negotiation to me means that all parties involved agree on a value, whereas path MTU discovery simply finds out what's there and reports back.
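
What that report looks like on the wire, as an added example that is not part of the original thread: a Python parser for the ICMP type 3 code 4 message defined in RFC 1191, with the checks a receiver applies before it lowers its path MTU. The addresses, the `floor` parameter and the `build_sample` helper are constructed for illustration.

```python
import struct

# RFC 1191 section 7.1 plateau table, used when a router reports next-hop MTU 0.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes, my_ip: bytes, current_pmtu: int, floor: int = 68):
    """Return the new path MTU, or None if the message must be ignored."""
    if len(icmp) < 8 + 20 or inet_checksum(icmp) != 0:
        return None                      # truncated or corrupted
    icmp_type, code, _csum, _unused, next_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None                      # not "fragmentation needed and DF set"
    quoted = icmp[8:]                    # header of the datagram that was dropped
    total_len, _ident, flags = struct.unpack("!HHH", quoted[2:8])
    if quoted[0] >> 4 != 4 or quoted[12:16] != my_ip or not flags & 0x4000:
        return None                      # not an IPv4 DF datagram we sent
    # Production stacks typically also match the quoted ports and sequence
    # number to a live connection before trusting the report (omitted here).
    if next_mtu == 0:                    # pre-RFC 1191 router: next lower plateau
        next_mtu = next((p for p in PLATEAUS if p < total_len), floor)
    if next_mtu >= current_pmtu:
        return None                      # ICMP may only lower the estimate
    return max(next_mtu, floor)          # never go below the configured floor

def build_sample(next_mtu, src_ip, total_len=1500, df=True):
    """Constructed test message: ICMP header + quoted IPv4 header + 8 bytes."""
    quoted = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                         0x4000 if df else 0, 64, 6, 0, src_ip,
                         bytes([198, 51, 100, 7])) + b"\x00" * 8
    head = struct.pack("!BBHHH", 3, 4, 0, 0, next_mtu)
    csum = inet_checksum(head + quoted)
    return struct.pack("!BBHHH", 3, 4, csum, 0, next_mtu) + quoted

SERVER = bytes([192, 0, 2, 10])          # constructed documentation address

if __name__ == "__main__":
    print(parse_frag_needed(build_sample(576, SERVER), SERVER, 1500))
    print(parse_frag_needed(build_sample(0, SERVER), SERVER, 1500))
```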

LVL 24

Expert Comment

ID: 6889692
[closed mar 6th]
