Monday, July 23, 2018

The secrets of MTU - L2 MTU vs. L3 MTU - Where does the fragmentation happen?

"The Maximum Transmission Unit (MTU) is the largest possible frame size of a communications Protocol Data Unit (PDU) on an OSI Model Layer 2 data network." In today's network the standard MTU for Layer 3 IP packet is 1500 bytes. Meanwhile, the standard MTU for Layer 2 Ethernet frame is 1514 bytes ( 6 bytes source MAC + 6 bytes destination MAC + 2 bytes EtherType + 1500 bytes IP packet). For the Dot1Q trunk frame, extra 4 bytes for Dot1Q tag is added. So up to here, we understand that there are two types of MTUs. MTU for layer 2 frames and MTU for layer 3 packets.

In modern network, overlay encapsulation is more and more popular. Technology such as VxLAN requires switch fabric which has jumbo frame support. We may have a question, what happen if a switch receives a frame which has a larger MTU than it's local L2 MTU? The answer is that the switch will drop this over-size frame. Someone may ask why this frame cannot get fragmented? Actually the fragmentation is happening on the Layer 3. The DF bit is sitting in the IP header. So no fragment happens on the layer 2.

Click to Expand
So, every over-size L2 frame will be dropped. In order to avoid packet dropping, we should enable jumbo frame support in the switch fabric.

Ok, now we understand L2 MTU vs L3 MTU. Another interesting question comes up. When a L3 IP packet passing through a router, where the MTU will be checked and where the fragmentation will happen? The inbound interface or the outbound interface. In order to find out the answer of this question, let's do a simple Lab as the following topology.

Click to Expand
As shown in the above diagram, we configure G0/0 (inbound interface) on R2 as IP MTU 1300. All the other interfaces have standard IP MTU 1500. When we send a packet with IP Packet size 1500 from R1 to R3. We can see this packet is not been fragmented by R2. It arrives at R3 with the original packet size 1500.

Let's send another IP packet with size 1500 from R3 to R1. This time, we can see the packet has been fragmented into two by R2.

Click to Expand

by doing this lab, we understand that the IP MTU is checked by the outgoing interface of the router. If fragmentation is required, the packet is fragmented by the outgoing interface of the router. So if the DF bit is set, then the packet will be dropped on the outbound interface as well. 



  1. Very nice explanation. But after fragmented the packets of 1500 bytes it changes to 1314 and 234 bytes? How it is calculated could be please elaborate?

  2. Hi Dipan, nice catch! The 1314 and 234 I originally put in were actually the L2 frame size. It was 1300 (20 byte IP header + payload) + 14 (L2 header) & 220 (20 byte IP header + payload) + 14 (L2 header). But I think in the diagram, it's better to put all in IP packet only. So the diagram has been updated.

    Thank you!


NSX Load Balancer "Application Rules" Examples:

Load Balancing is one of the features provided by the NSX Edge Services Gateway (ESG). It can provide L7 Load Balancing by utilizing the HA...