Sunday 2 July 2023

SWITCH - Difference between INTERFACE MTU and IP MTU

 Difference between Interface MTU and IP MTU

The most confusing Topic is related with system MTU and IP MTU and function for this during packet size larger.

The Ethernet Frame:


The Ethernet frame consists of the following parts:

  • Preamble: 7 bytes or 56 bits of alternating zeroes and ones starting with one marking the beginning of an ethernet frame.
  • Start Frame Delimiter (SFD): 1 byte or 8 bits of alternating zeroes and ones starting with one with the last bit as one making the binary value 10101011. It notifies the receiving device that the next bit is of the destination MAC address.
  • Destination MAC Address: The 6-byte MAC address of the NIC of the receiver.
  • Source MAC Address: The 6-byte MAC address of the NIC of the sender.
  • Length/Type: A 2-byte field containing the information about the protocol of the upper (Network Layer) layer.
  • Payload: The actual data to be sent from the sender to the receiver along with padding bits wherever necessary. The size of this field ranges from 46 to 1500 bytes.
  • Frame Check Sequence (FCS): This 4-byte field is used to ensure that the received Ethernet frame is intact.

    Minimum ethernet Frame - 64 byte


Frames with sizes less than 64 bytes are padded to reach 64 bytes. Meaning, if the Layer 3 data is less than 46 byte, extra bytes will be added to Layer 2

Maximum Ethernet frame -  1518



By default, all interfaces has a default MTU 1500 and IP MTU.

  

 We will play and learn the MTU System and IP MTU function using above LAB 

Condition 1 - Browser Router Interface System MTU = 1500 and IP MTU = 1500

Browser# sh int fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

  Hardware is AmdFE, address is cc03.13c0.0000 (bia cc03.13c0.0000)

  Internet address is 192.168.23.3/24

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255


Browser#sh ip interface fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

  Internet address is 192.168.23.3/24

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1500 bytes

  Helper address is not set


Lets Ping from Browser  to Mario using SIZE 36  PACKET ICMP 

Browser#ping 2.2.2.2 size 36

Type escape sequence to abort.

Sending 5, 36-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 52/68/76 ms



To make things clear here, Wireshark doesn’t capture the FCS which is 4 bytes, that’s why it sometimes gets confusing when using Wireshark to calculate MTU

After pinging with the minimum allowed size of 36 bytes


We can also conclude that the size referenced in the IOS command, means the size of the IP header and anything underneath it, which excludes the frame headers

Now let’s try pinging with a packet size 1500 bytes with the DO-NOT Fragment bit set


So we can now conclude one thing, that the MTU set on the interface on Cisco IOS devices is actually 1514 not 1500 (it’s even 1518 but we decided to neglect the FCS for now), the thing is Cisco Excludes the frame header from the MTU command.

Let’s try pinging with a packet size which is larger than 1500 (Larger than both MTU and IP MTU) with a DF-Bit set

We notice the Ping is failed - reason becasue we have limited the MTU size on Interface = 1500 MTU size without DF 

Browser#ping 2.2.2.2 size 1501 df-bit

Type escape sequence to abort.
Sending 5, 1501-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with the DF bit set
.....
Success rate is 0 percent (0/5)


We notice the ping getting failed and lets see if we can increase the IP MTU size for Interface , but when we check we found that MTU is not allowed to increase 

Browser(config)#int f0/0
Browser(config-if)#ip mtu ?
  <68-1500>  MTU (bytes)

now we will do one thing to increase the Interface MTU size to 1600 

Browser(config-if)#mtu ?
  <64-1600>  MTU size in bytes

Browser(config-if)#mtu 1600

Now let’s try pinging Router Mario again

Browser#ping 2.2.2.2 size 1501 df-bit

Type escape sequence to abort.
Sending 5, 1501-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with the DF bit set
M.M.M

You can see that the interface is capable of sending frames larger than 1500 bytes, but it showed an error with MTU regarding the size of the IP packets size. 
physical hardware of the interface is capable of sending frames up to 1600 bytes, but it can’t send IP packets larger than 1500 bytes because the configured IP MTU is 1500 only. 
Of course this is platform specific, other types of hardware are capable of sending MTUs up to 9192 bytes

But now since the MTU is 1600, the IP MTU can be increased to 1600 as well which leads us to the fact that IP MTU =< MTU (Less than or equal)

Browser(config)#int f0/0
Browser(config-if)#ip mtu ?
  <68-1600>  MTU (bytes)

We can now set our IP MTU to as big as 1600 bytes. Now let’s try to ping with a un-fragmented packet larger than 1500 again and we see the ping started again as it allowed 1600 size IP MTU 

Browser#ping 2.2.2.2 size 1600 df-bit

Type escape sequence to abort.
Sending 5, 1600-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!


Another question might arise, then why do I need MTU and IP MTU commands? Should I increase the MTU and move along? Well, the reason is you might want to give room for protocols that are above layer 3 but at the same time you want the layer 3 packets to have the same size. Meaning, I might want to give room for MPLS labels, Q-in-Q and VLAN tags without increasing the Layer 3 size, only then I’ll increase the MTU but keep the IP MTU as it is.

NOTE -  In this above test Mario and LUNGI had the maximum MTU and IP MTU configured which is 1600


NOTED POINT - Router Sending the packet , it will fragment the packet even if it was 10 times bigger than its MTU, but if it’s receiving a packet larger than its MTU, it will just discard it.

Now we can test Browser Router  F0/0 interface with MTU of 1600 and IP MTU of 1600 then setting LUNGI  interface to MTU of 1500 and IP MTU of 1500

Now let’s ping with 1600 from Browser Router but this time we will NOT set the DF-Bit which means I’m giving LUNGI Router liberty to do whatever it wants with the packet

Browser#ping 2.2.2.2 size 1600

Type escape sequence to abort.
Sending 5, 1600-byte ICMP Echos to 10.1.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

LUNGI ROUTER isn’t even replying with a fragmented packets to BROWSER ROUTER, which proves that receiving a bigger MTU isn’t feasible

Now let’s set LUNGI MTU to 1600 and IP MTU to 1500

LUNGI(config)#int f0/0
LUNGI(config-if)#mtu 1600
LUNGI(config-if)#ip mtu 1500

Now again ping with 1600 bytes from R1 without DF-Bit again


Browser#ping 2.2.2.2 size 1600

Type escape sequence to abort.
Sending 5, 1600-byte ICMP Echos to 10.1.2.2, timeout is 2 seconds:
!!!!!

Now this time we have seen the LUNGI Router manage and pass the packets and IP packet size is 1600, Lungi Router  managed to defragment the reply packets







Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)