MTU, IPv4 PMTUD, IPv6 PMTUD

MTU

A maximum transmission unit (MTU) is the largest length of a packet that can be transmitted out of an interface toward a destination. When the word MTU is used plainly, we are typically referring to the interface MTU, but when talking about a protocol MTU (e.g IP MTU, MPLS MTU) we are typically referring to the maximum payload of the protocol itself.

TCP MSS

The TCP Maximum Segment Size (MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. MSS values are set and used to limit TCP segment sizes, and therefore, IP datagram sizes.
• TCP MSS is automatically calculated by subtracting 40Bytes from MTU (20 Bytes IP + 20 Bytes TCP).
o As per defined RFC879 outs the MSS to 576, and hence the default TCP MSS to 536.
• The TCP syn packet carries the MSS option. Each side of the TCP session sends the MSS to the other.
• The negotiation of MSS does not happen in TCP three way handshake. Both the devices come to an agreement based on the minimum MSS value.

The calculation of TCP MSS value;
TCP MSS without MPLS = MTU (Outgoing Interface) – TCP HEADER – IP HEADER
TCP MSS over MPLS= MTU (Outgoing Interface) – TCP HEADER – IP HEADER – n*4 bytes (n is the number of labels)

Path MTU

When hosts on the same network communicate, the MTU of the network is important to both communication ends. When hosts need to communicate across multiple networks, the smallest MTU on the communication path is most important to both ends. This is because different networks along the communication path have different link-layer MTUs. The minimum MTU on the communication path is called the path MTU. The minimum MTU on the communication path is called the Path MTU.

Path MTU Discovery (PMTUD)

Path MTU Discovery (PMTUD) is a standardized mechanism that is used by end hosts to avoid fragmentation or packet drops. The basic idea is that the source host will assume that the path MTU is equal to its exit interface MTU and will send all packets on the path with (DF bit) set. If any of the packets is bigger than the path MTU, it will be dropped by the middle routers and an ICMP message will be sent to the source to inform it that it needs to lower the packet size.

IPv4 PMTUD

Path MTU Discovery (PMTUD) dynamically determines the MTU size on the network path between the source and the destination, with the goal of avoiding IP fragmentation. In IPv4, the minimum MTU (without fragmentation) on the communication path is 576 bytes. The IPv4 and TCP portions of the frame occupy 40 bytes (IPv4 20 bytes + TCP 20 bytes) leaving 536 bytes as the data payload. This means IPv4 TCP Maximum Segment Size (MSS) = 536.

PMTUD works by setting the Don’t Fragment (DF) bit in the IP headers of outgoing packets. When a device along the path has an MTU that is smaller than the packet, the device drops the packet. The device also sends back an ICMP Fragmentation Needed (Type 3, Code 4) message that contains the device’s MTU, thus allowing the source to reduce its path MTU appropriately. The process repeats until the MTU is small enough to traverse the entire path without fragmentation.

The diagram below shows the sample flow including the ICMP Fragmentation and DF-bit messages on the communication path.

Path MTU Discovery consists of:
• Source host sets DF-bit in the IP header to indicate that packet must not be fragmented in transit and sends the packet with MTU 1500.
• PE router that has smaller interface MTU will drop these large packets: because they exceed the MTU of outgoing interface and because they are not allowed to fragment them due to DF-bit setting
• Intermediate routers will send an ICMP “Fragmentation Needed and DF set” back to source host.
• The ICMP “Fragmentation Needed” messages contains also the recommended MTU value.

By listening to the ICMP responses the host may find the proper path MTU value. PMTUD is commonly started with a first TCP session between the two hosts.
Note: IPv4 PMTUD is only supported by TCP and UDP. Other protocols do not support it.

Table below shows the ICMPv4 Type 3 defined in RFC 792,

The figure below shows the format of ICMPv4 Type 3 header of a “fragmentation needed and DF set” “Destination Unreachable” message.

PMTUD is done continually on all packets because the path between sender and receiver can change dynamically. Each time a sender receives a “Can’t Fragment” ICMP messages it will update the routing information (where it stores the PMTUD).

IPv6 PMTUD

As in IPv4, path MTU discovery in IPv6 allows a host to dynamically discover and adjust to differences in the MTU size of every link along a given data path. In IPv6, the minimum MTU on the communication path is 1280 bytes. The IPv6 and TCP portions of the frame occupy 60 bytes (IPv6 40 bytes + TCP 20 bytes) leaving 1220 bytes as the data payload. This means IPv6 TCP Maximum Segment Size (MSS) = 1220.

IPv6 routers do not support fragmentation or the Don’t Fragment bit option. For IPv6, Path MTU Discovery works by initially assuming the path MTU is the same as the MTU on the link layer interface where the traffic originates. Then, similar to IPv4, any device along the path whose MTU is smaller than the packet will drop the packet and send back an ICMPv6 Packet Too Big (Type 2) message containing its MTU, allowing the source host to reduce its Path MTU appropriately. The process is repeated until the MTU is small enough to traverse the entire path without fragmentation.

The figure below shows the sample flow including the ICMPv6 Packet Too Big messages on the communication path.

Note: Unlike with IPv4, PMTUD also works for non-TCP protocols with IPv6, fragmentation in IPv6 is performed only by source nodes, not by routers along a packet’s delivery path.

Internet Control Message Protocol (ICMP) in IPv6 functions the same as ICMP in IPv4. ICMP generates error messages, such as ICMP destination unreachable messages, and informational messages, such as ICMP echo request and reply messages. Additionally, ICMP packets in IPv6 are used in the IPv6 neighbor discovery process, path MTU discovery, and the Multicast Listener Discovery (MLD) protocol for IPv6.

The table below shows the ICMPv6 Type 2 defined in RFC 1885,

The figure below shows the format of ICMPv6 Type2 header of a “Packet too Big” message.

Leave a Reply

Your email address will not be published. Required fields are marked *

one × one =

This site uses Akismet to reduce spam. Learn how your comment data is processed.