Re: What do you consider acceptable packet / session modification for a network operator?

[William Herrin via NANOG <nanog () lists nanog org>]

On Tue, Dec 30, 2025 at 9:24 AM nanog--- via NANOG
<nanog () lists nanog org> wrote:
> I thought 9000-byte MTU wasn't used on LANs due to the headache of ensuring every single device on the LAN has the 
> same MTU.
>
> You don't need PMTUD to work on the internet to use longer packets in your LAN. The "packet too big" reply only has 
> to make it from *your* edge router back to *your* server through *your* network.
>
> But every host and switch in an Ethernet must agree on MTU because there's no Ethernet-layer PMTUD.

Actually, they only have to agree on the MRU and the upper level
protocols just about always provide mechanisms to assure the packets
they emit won't exceed the recipient's MRU. It's not -quite- that
simple but it's simple enough that but for PMTUD being broken on the
Internet we could have moved to 9k MTUs by now.

Interestingly, AWS VPCs mostly have moved to 9k MTUs. Check your EC2 instance:

$ ifconfig -a
ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001

The Blackfoot firewalls that implement NAT between the VPCs and the
Internet do MSS clamping so that they don't have to rely on PMTUD for
TCP to work. Do a tcpdump on both sides. You'll see the MSS leave your
EC2 instances in the upper 8000's but arrive at the other end clamped
below 1500. Inside the VPC of course, they work at 9k.

Regards,
Bill Herrin


-- 
For hire. https://bill.herrin.us/resume/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/WVYTYINW5A3GMJHNLTRULAB6MJDYOSJG/