On Fri, Jul 22, 2016 at 8:01 AM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
What is best practice regarding choosing MTU on transit links?
Hi Baldur,

On a link containing only routers, you can safely increase the MTU to any mutually agreed value with these caveats:

1. Not all equipment behaves well with large packets. It's supposed to but you know what they say.

2. No protocol guarantees that every device on the link has the same MTU. It's a manual configuration task on each device and if the maximum receive unit on any device should happen to be less than the maximum transmit unit on any other, you will be intermittently screwed.

This includes virtual links like the GRE tunnel. If you can guarantee the GRE tunnel travels a 9k path, you can set a slightly smaller MTU on the tunnel itself.

MTU should never be increased above 1500 on a link containing workstations and servers unless you know for certain that packets emitted on that link will never traverse the public Internet. Path MTU discovery on the Internet is broken. It was a poor design - broke the end to end principle - and over the years we've misimplemented it so badly that it has no serious production-level of reliability.

Where practical, it's actually a good idea to detune your servers to a 1460 or lower packet size in order to avoid problems transiting those parts of the Internet which have allowed themselves to fall beneath a 1500 byte MTU. This is often accomplished by asking the firewall to adjust the TCP MSS value in flight.

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
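The in-flight MSS adjustment mentioned at the end of the message, as an added example that is not part of the original post: a Python sketch of what a clamping firewall does to a TCP SYN, lowering the MSS option and patching the checksum incrementally per RFC 1624. The function names, the sample addresses and ports, and the clamp value of 1420 used in testing are assumptions chosen for illustration.

```python
import struct

def ones_sum(data: bytes) -> int:
    """One's-complement sum of the big-endian 16-bit words in data (even length)."""
    acc = sum(w for (w,) in struct.iter_unpack("!H", data))
    while acc >> 16:                                  # fold carries back in
        acc = (acc & 0xFFFF) + (acc >> 16)
    return acc

def checksum_ok(src: bytes, dst: bytes, tcp: bytes) -> bool:
    """Verify the TCP checksum against the IPv4 pseudo-header."""
    return ones_sum(src + dst + struct.pack("!BBH", 0, 6, len(tcp)) + tcp) == 0xFFFF

def clamp_mss(tcp: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of a TCP SYN to max_mss, patching the checksum."""
    if len(tcp) < 20 or not tcp[13] & 0x02:           # MSS is only sent on SYN
        return tcp
    hdr_len = (tcp[12] >> 4) * 4
    if not 20 <= hdr_len <= len(tcp):
        return tcp
    seg, i = bytearray(tcp), 20
    while i < hdr_len and seg[i] != 0:                # kind 0 ends the option list
        if seg[i] == 1:                               # kind 1 is one-byte NOP padding
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            break                                     # malformed option: leave as is
        if seg[i] == 2 and seg[i + 1] == 4:           # kind 2, length 4: MSS
            if struct.unpack_from("!H", seg, i + 2)[0] > max_mss:
                a, b = (i + 2) & ~1, (i + 5) & ~1     # 16-bit aligned span over the value
                old = ones_sum(bytes(seg[a:b]))
                struct.pack_into("!H", seg, i + 2, max_mss)
                new = ones_sum(bytes(seg[a:b]))
                csum = struct.unpack_from("!H", seg, 16)[0]
                # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
                acc = ones_sum(struct.pack("!HHH", ~csum & 0xFFFF, ~old & 0xFFFF, new))
                struct.pack_into("!H", seg, 16, ~acc & 0xFFFF)
            break
        i += seg[i + 1]
    return bytes(seg)

# Constructed sample: SYN from 192.0.2.10 to 198.51.100.20 advertising MSS 1460.
SRC, DST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
_hdr = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 0, 6 << 4, 0x02, 65535, 0, 0)
_hdr += bytes([2, 4]) + struct.pack("!H", 1460)
_c = ~ones_sum(SRC + DST + struct.pack("!BBH", 0, 6, len(_hdr)) + _hdr) & 0xFFFF
SAMPLE_SYN = _hdr[:16] + struct.pack("!H", _c) + _hdr[18:]
```

Only a SYN whose advertised MSS exceeds the limit is rewritten; a smaller MSS, a non-SYN segment or a malformed option list passes through unchanged.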