Understanding and Fixing MTU/MRU Issues: Causes, Impacts, and Modern Solutions for Network Engineers


3 views

MTU (Maximum Transmission Unit) and MRU (Maximum Receive Unit) define the largest packet size a network interface can handle without fragmentation. When mismatched or misconfigured, they cause packet loss, retransmissions, and latency spikes - often misinterpreted as "slow internet".

Consider this real-world scenario:


# Typical symptoms in ping tests
$ ping -M do -s 1472 example.com
# If packets > actual MTU: "Frag needed and DF set" errors

The critical failure chain:

  1. Your device sends 1500-byte packets (standard Ethernet MTU)
  2. Intermediate network (e.g., PPPoE, VPN) only handles 1492 bytes
  3. Packets get silently dropped instead of fragmented (DF flag set)
  4. TCP retransmits after timeout, killing throughput

Forget the old iptables hacks. Here's how to properly diagnose:


# Linux: Discover path MTU
$ tracepath example.com
$ ping -M do -s 1500 example.com  # Decrease until success

# Windows equivalent:
> netsh interface ipv4 show subinterfaces
> ping -f -l 1500 example.com

For developers: Implement PMTUD (Path MTU Discovery) properly:


// C example: Enable PMTUD on sockets
int val = IP_PMTUDISC_DO;
setsockopt(sock, IPPROTO_IP, IP_MTU_DISCOVER, &val, sizeof(val));

For sysadmins: Configure interfaces correctly:


# Linux: Set MTU permanently (e.g., for PPPoE)
$ nmcli connection modify "Wired" ethernet.mtu 1492

# Cisco devices:
interface GigabitEthernet0/1
 mtu 1492

The much-misunderstood TCP MSS adjustment:


# Only needed when you CAN'T change MTU (e.g., complex VPN setups)
$ iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Key insight: This modifies TCP SYN packets during handshake to advertise smaller segment sizes, preventing fragmentation downstream.

AWS/GCP networking quirks:


# AWS ENI MTU limitations
$ ip link set dev eth0 mtu 9001  # For Jumbo frames

Always verify cloud provider docs - some overlay networks impose hard MTU limits.

When troubleshooting network connectivity problems, many engineers hastily blame "MTU/MRU issues" without fully understanding the underlying mechanisms. This often leads to ineffective solutions like blind iptables tweaks or arbitrary MTU clamping that may not address the root cause.

MTU (Maximum Transmission Unit) refers to the largest packet size a network interface can transmit, while MRU (Maximum Receive Unit) defines the largest packet it can receive. Common default values:


# Common default values
Ethernet: 1500 bytes
PPPoE: 1492 bytes
VPN (OpenVPN): 1500 (tun) or 1472 (tap)

The real issue occurs when packets exceed the path MTU (the smallest MTU along the network path) without proper fragmentation handling. Symptoms include:

  • Connection hangs during large transfers
  • HTTP requests failing for larger pages
  • VPN tunnels dropping unexpectedly
  • Intermittent packet loss that worsens with larger payloads

Instead of guessing, use these precise diagnostic methods:


# Linux path MTU discovery
ping -M do -s 1472 example.com  # Start high and decrease until success

# Windows equivalent
ping -f -l 1472 example.com

# Checking current interface settings
ip link show eth0 | grep mtu
netsh interface ipv4 show subinterfaces  # Windows

For application developers:


// C++ socket option for MTU discovery
int optval = IP_PMTUDISC_DO;
setsockopt(sockfd, IPPROTO_IP, IP_MTU_DISCOVER, &optval, sizeof(optval));

// Python equivalent (Linux only)
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.IPPROTO_IP, socket.IP_MTU_DISCOVER, socket.IP_PMTUDISC_DO)

For network administrators:


# Permanent MTU setting (Linux)
nmcli connection modify eth0 ethernet.mtu 1492
nmcli connection up eth0

# Windows PowerShell
Set-NetIPInterface -InterfaceAlias "Ethernet" -NlMtuBytes 1492

Modern networks introduce additional complexity:

  • Cloud environments often have hidden MTU limitations
  • Container networking may require special MTU adjustments
  • IPv6 requires different handling (1280 byte minimum MTU)
  • Jumbo frames (9000 bytes) need end-to-end support

Best practices for different scenarios:


# Allow fragmentation but prevent black holes (Linux)
iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# For OpenVPN configurations
tun-mtu 1500
mssfix 1460