đ Start: Having packet loss or slow performance?
Click to begin the diagnostic process. We'll walk through systematic troubleshooting steps.
â
â Can you ping with small packets (64 bytes)?
Test: ping -s 64 destination (Linux) or ping -l 64 destination (Windows)
â
đ´ Layer 1/2 Problem - Not MTU Related
If small packets fail, this is a connectivity issue, not MTU/fragmentation.
Troubleshooting Steps:
- Check physical connections and cable integrity
- Verify interface status:
show interface
- Check for errors/discards on interfaces
- Verify routing and ARP tables
- Check firewall rules and ACLs
â Can you ping with large packets (1472 bytes)?
Test: ping -s 1472 destination (Linux) or ping -l 1472 destination (Windows)
Note: 1472 data + 20 IP + 8 ICMP = 1500 byte packet
â
â
No MTU Issues Detected
Large packets work fine. Your MTU configuration is correct. Look for other performance issues.
â Can you ping with DF (Don't Fragment) bit set?
Test: ping -M do -s 1472 destination (Linux) or ping -f -l 1472 destination (Windows)
â
đ´ PMTUD Black Hole Detected!
ICMP "Fragmentation Needed" (Type 3, Code 4) messages are being filtered somewhere in the path.
Solutions:
1. TCP MSS Clamping (Recommended):
! Cisco IOS/IOS-XE
interface GigabitEthernet0/0
ip tcp adjust-mss 1460
! Juniper JunOS
set interfaces ge-0/0/0 unit 0 family inet tcp-mss 1460
# Linux iptables
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\
-j TCPMSS --set-mss 1460
2. Allow ICMP Type 3 Code 4:
! Cisco ACL
permit icmp any any packet-too-big
# iptables
iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
3. Reduce Interface MTU:
! Cisco
interface GigabitEthernet0/0
ip mtu 1400
â
PMTUD Working Correctly
Path MTU Discovery is functioning properly. ICMP messages are not being filtered.
Recommended Actions:
- Use TCP MSS clamping for optimal performance
- Consider reducing MTU on interfaces if needed
- Monitor for packet loss and retransmissions
- Document your MTU settings for future reference