Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3711
Views
5
Helpful
4
Replies

icmp packet greater that mtu size and df-bit not being dropped

Go to solution
gerrym@bhs.org.au
Level 1
Level 1

‎10-26-2017 06:28 PM - edited ‎03-08-2019 12:31 PM

Hello,

 

I have a problem wherebye an ICMP ping packet with size 1496 and the df-bit set is not being dropped as it passes through a layer 2 switch with the MTU set at 1490.   If I set the icmp packet size to 1497, then the packet is dropped as I would expect, but I would also expect the packet to be dropped if it's size ls greater that 1490.  In fact, what I observe is that any L3 packet (icmp) that is not more that 6 bytes bigger than the interface mtu (l2) on this switch, will not be dropped. 

 

This behavior does not seem correct unless I have misunderstood how an interface MTU is supposed to work.

 

I am using Cisco vios_l2_ADVENTERPRISEK9-M version 15.2 for all my nodes (running on gns3).

According to the diagram below, I am pinging from R1 to R2.  Both R1 and R2 use  SVIs.  The MTUs on R1, SW3 and SW4 are all left at their default value of 1500.

On SW2, the physical interface linking to SW3 is set at 1490.

mtu_issue.png

 

 

 

On R1, I do the following:

 

R1#ping 10.65.253.2 size 1496 df-bit
Type escape sequence to abort.
Sending 5, 1496-byte ICMP Echos to 10.65.253.2, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

Wireshark reports the packet size as 1514 bytes:

1468 data size

28 icmp and ip header size.

4 byte vlan tag

14 byte ethernet header.

 

Any insights much appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-27-2017 07:02 AM

MTU and DF (together) don't apply at L2.

If MTU varies at L2 (which it shouldn't) you're going to run into whatever the hardware will do. My guess is the extra six bytes works in your instance because your hardware supports VLAN tagging and if your frames are not so tagged, the frame's MTU can be a bit bigger than the MTU setting.

View solution in original post

4 Replies 4

Go to solution
Meheretab Mengistu
Level 7
Level 7

‎10-26-2017 11:12 PM

Hi,

Please share the output of 'sh system mtu' on SW2.

HTH,
Meheretab
HTH,
Meheretab
0 Helpful

Go to solution
gerrym@bhs.org.au
Level 1
Level 1
In response to Meheretab Mengistu

‎10-27-2017 12:24 AM

Unfortunately IOSV L2 does not support "show system".

 

The best I can get is:

SW2#show interfaces mtu

Port Name MTU
Gi0/0 1500
Gi0/1 1500
Gi0/2 1500
Gi0/3 1490
Gi1/0 1500

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎10-27-2017 01:24 AM

Hello,

 

on a side note, the problem might be that some switches do not support MTU on an interface basis. I tried this in VIRL and get the same results as you. The interface settings show the MTU as being 1490, but don't take effect. I suspect this is because these are simulated environments. Can you try this on a 'real' switch ?

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-27-2017 07:02 AM

MTU and DF (together) don't apply at L2.

If MTU varies at L2 (which it shouldn't) you're going to run into whatever the hardware will do. My guess is the extra six bytes works in your instance because your hardware supports VLAN tagging and if your frames are not so tagged, the frame's MTU can be a bit bigger than the MTU setting.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card