• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1497
  • Last Modified:

How MTU negotation works between 2 devices

I would like to know how MTU negotiation takes place between the sending device & the receiving device.

If my firewall MTU is set to 1500 how the exact negotation takes place.
If the sending device is using MTU size of 1354 & the receiving device is set to MTU of 1500 what exaclty happens
0
SrikantRajeev
Asked:
SrikantRajeev
1 Solution
 
francrlCommented:
If the one device is sending large than the othe is receiving, the packet is "fragmented", basically broken into two. If the packet is set with the Do not fragment (DF) bit enabled then it just dropped
0
 
SrikantRajeevAuthor Commented:
how both the devices negotiate with each other
how the exact negotiaton happens
0
 
francrlCommented:
Routers maintain the MTU size of the next hop, if a packet is larger than the next hop can recieve it fragments it before fowrarding.

As for negototiation, I guess you're really asking about PMTU (Path Maximum Transmission Unit) Discovery. Not all devices are set for this, but if enabled this is generally how it works:

The sending host sends packets to the receipient with the DF bit set. If hits a router along the way that has a next hop mtu of less than the size that is currently set, it returns a ICMP Datagram Too Big message with the maximum size of the next hop. Sending host then lowers its MTU to the maximum size.

For all the details its described in RFC1191
http://www.faqs.org/rfcs/rfc1191.html
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
SrikantRajeevAuthor Commented:
I have my SMTP server behind Cisco ASA firewall.
I am not able to receive mail from one particular mail domain.
The error message I received is
" timeout after DATA (16317 bytes) from "

I am checking whether decreasing the MTU size will help in this solution.
Current MTU size is default 1500
0
 
francrlCommented:
This is a common error with asa smtp packet inspection. The only workaround I know of it to remove smtp inspection in the asa. Here is a post about it

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Postfix/Q_25335655.html

On a side note in response to your original question:

Here is a 1500 way to verify what the max mtu is the distant end can receive. Just ping with the DF bit set, and specify the packet size. It will take a bit to get the exact number, but basically just decrement/increment the size until you find the max.

ping (destination IP)  -f -l 1500

Example to 8.8.8.8

C:\Users\francrl>ping 8.8.8.8 -f -l 1500

Pinging 8.8.8.8 with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

C:\Users\codyfrancisco>ping 8.8.8.8 -f -l 1400

Pinging 8.8.8.8 with 1450 bytes of data:
Reply from 8.8.8.8: bytes=1450 time=878ms TTL=243
Reply from 8.8.8.8: bytes=1450 time=753ms TTL=243

Now you know its between 1500 and 1450. Next I'd try 1475 and go from there.
0
 
SrikantRajeevAuthor Commented:
regarding the esmtp option i have already removed it
so i dont think this will  be the problem.

Regarding the ping option which u have provided let me know check the same & will update you.
0
 
SrikantRajeevAuthor Commented:
I did as per ur suggestion

I got the below for 1500
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

1480
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

1470
No such reply

So is it ok if i set the value to 1470
What is the safest value to set. Safest is to set the lowest value or the highest value.
For example if IU set to 1354 is it ok ?


0
 
SrikantRajeevAuthor Commented:
one more query - my firewall is set to MTU 0f 1500
but if do the test with 1500 &  1480 why it is saying packet needs to be fragmented.
I have my MTU 1500 so anythig above 1500 should be fragmented.
Please correct if i am wrong
0
 
avcontrolCommented:
Basically MTU is used between devices to minimize packets processing time/CPU usage.
If it is too big- it will be fragmented to smaller size (mostly done by router configuration, during packet transfer).
If it is too small- it will be sending more often, then it would be deal with "normal" size.
All those details and variation will introduce, either reduce latency/speed.
For PPP/VPN you should pay close attention to MTU size, most of other - no need to worry about, will have practically no effect on performance.
I used "kperf" bandwidth measure software to determine what would be the best MTU on a network, across VPN and so on.
It done between PC-to-PC, and on mean time I would do modification on router , see exact impact on performance.

0
 
francrlCommented:
"one more query - my firewall is set to MTU 0f 1500
but if do the test with 1500 &  1480 why it is saying packet needs to be fragmented.
I have my MTU 1500 so anythig above 1500 should be fragmented.
Please correct if i am wrong"

Your setting on the firwall means that it sends/recieve at an MTU of 1500. If you ping the firewall using the same command it should respond to an mtu of 1500 without fragmenting. Assuming you don't have another device (router, l3 switch, etc) in the path that has a lower setting.
The test you did here was to the destination server right? The result means some router (device) along the way could not accept 1500 mtu.
0
 
SrikantRajeevAuthor Commented:
The test what i did was to the router IP where the MTU size is 1500.
The same result happened to my server behind the firewall.
0
 
docbertCommented:
For the most part, all of the answers are wrong in the context of the question asked...

Yes, there are concepts like Fragmentation and the "DF" bit.  And yes, these will be used when you run ping, or if the lower MTU is on a host/router _between_ the two endpoints.

However in the situation that one of the two end-points has a lower MTU than the other, and where you're talking TCP (rather than ping/ICMP, etc) the two endpoints will actually Negotiate the correct MTU, being the smaller of the MTU between the two of them.

This happens as a part of TCP. When the two hosts open the TCP connection they include their own MTU within the SYN packet, so each host is then aware of their own MTU plus that of the other end.  Both ends will then set the MTU for that connection to be the lower of either their own MTU, or the one from the other host.

If there is a host/router between the two endpoints that has a smaller MTU than the endpoints, then obviously this won't work. There's two solution if this happens - either the packet can be fragmented into 2 (or more) smaller packets, or a process called "MTU Path Discovery" can be used.  Google will give you plenty of information on MTU Path Discovery, but basically it's where the endpoint hosts use the "Do Not Fragment" flag to guess the optimum MTU to be used for the "path" between the two hosts.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now