On Tue, Dec 30, 2025 at 9:24 AM nanog--- via NANOG <nanog@lists.nanog.org> wrote:
> I thought 9000-byte MTU wasn't used on LANs due to the headache of ensuring every single device on the LAN has the same MTU.
You don't need PMTUD to work on the internet to use longer packets in your LAN. The "packet too big" reply only has to make it from *your* edge router back to *your* server through *your* network.
> But every host and switch in an Ethernet must agree on MTU because there's no Ethernet-layer PMTUD.
Actually, they only have to agree on the MRU and the upper level protocols just about always provide mechanisms to assure the packets they emit won't exceed the recipient's MRU. It's not -quite- that simple but it's simple enough that but for PMTUD being broken on the Internet we could have moved to 9k MTUs by now.

Interestingly, AWS VPCs mostly have moved to 9k MTUs. Check your EC2 instance:

$ ifconfig -a
ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001

The Blackfoot firewalls that implement NAT between the VPCs and the Internet do MSS clamping so that they don't have to rely on PMTUD for TCP to work. Do a tcpdump on both sides. You'll see the MSS leave your EC2 instances in the upper 8000's but arrive at the other end clamped below 1500. Inside the VPC of course, they work at 9k.

Regards,
Bill Herrin

-- 
For hire. https://bill.herrin.us/resume/
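The MSS clamping Bill describes at the NAT edge, as an added Python example that is not from the thread, from AWS, or from any firewall product: it walks the TCP options of a constructed SYN (addresses, ports and option layout are made up), lowers an MSS of 8961 (a 9001-byte MTU minus 40 bytes of IPv4 and TCP headers) to 1460, and repairs the TCP checksum incrementally per RFC 1624 instead of recomputing it. It goes slightly beyond the thread by also handling the case where a NOP has pushed the MSS value to an odd byte offset, which changes how the two bytes enter the checksum.

```python
import struct
SRC, DST = bytes([10, 0, 1, 10]), bytes([203, 0, 113, 10])  # constructed: EC2-style host -> TEST-NET-3

def fold(total: int) -> int:
    """Fold carries back into 16 bits (one's-complement addition, RFC 1071)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Full TCP checksum over the IPv4 pseudo-header plus the segment with its checksum field zeroed."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(segment)) + segment[:16] + b"\0\0" + segment[18:]
    data += b"\0" * (len(data) % 2)                 # zero-pad an odd trailing byte
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def mss_offset(segment: bytes):
    """Walk the TCP options of a SYN; return the byte offset of the 16-bit MSS value, or None."""
    if not segment[13] & 0x02:                      # MSS is only meaningful on SYN
        return None
    end, i = (segment[12] >> 4) * 4, 20
    while i < end and segment[i] != 0:              # kind 0 = End of Option List
        if segment[i] == 1:                         # kind 1 = NOP padding
            i += 1
        elif segment[i] == 2 and segment[i + 1] == 4:
            return i + 2
        else:
            i += max(segment[i + 1], 2)             # a bogus length of 0 or 1 must not loop forever
    return None

def clamp_mss(segment: bytes, max_mss: int) -> bytes:
    """Lower the MSS to max_mss (no-op if absent or already small); fix the checksum per RFC 1624."""
    off = mss_offset(segment)
    if off is None or int.from_bytes(segment[off:off + 2], "big") <= max_mss:
        return segment
    seg = bytearray(segment)
    struct.pack_into("!H", seg, off, max_mss)
    # On an even offset the MSS is one big-endian checksum word; after a leading NOP it straddles
    # two words and contributes as a byte-swapped (little-endian) value instead.
    order = "big" if off % 2 == 0 else "little"
    m_old, m_new = int.from_bytes(segment[off:off + 2], order), int.from_bytes(seg[off:off + 2], order)
    hc = int.from_bytes(segment[16:18], "big")
    seg[16:18] = (~fold((~hc & 0xFFFF) + (~m_old & 0xFFFF) + m_new) & 0xFFFF).to_bytes(2, "big")  # HC' = ~(~HC + ~m + m')
    return bytes(seg)

def build_syn(src: bytes, dst: bytes, mss: int, lead_nop: bool = False) -> bytes:
    """Constructed SYN (ports 40000 -> 443) carrying MSS, window-scale and SACK-permitted options."""
    opts = (b"\x01" if lead_nop else b"") + struct.pack("!BBH", 2, 4, mss) + b"\x01\x03\x03\x07\x04\x02"
    opts += b"\0" * (-len(opts) % 4)                # pad the option list to a 32-bit boundary
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, ((20 + len(opts)) // 4) << 4, 0x02, 65535, 0, 0)
    return hdr[:16] + struct.pack("!H", tcp_checksum(src, dst, hdr + opts)) + hdr[18:] + opts
```

Running the same walk over a capture from both sides of the NAT is the check Bill suggests with tcpdump: the SYN leaving the instance carries 8961, the copy arriving at the far end carries 1460.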