PfSense VLAN MTU
-
Hi all, I have successfully been running pfSense with VLAN's for a number of years now but I've just come across a question that may have had an effect on the operation/efficiency of the network (without me knowing :O)…
I have always had the MTU of each VLAN interface set to 1500, would this mean that any bytes/packets over 1500 would be rejected and if so how is the VLAN tag implemented surely it would be 1504?
-
http://en.wikipedia.org/wiki/Maximum_transmission_unit
the default mtu for ethernet is 1500. it doesn't matter if its with or without vlan's.
1500 is also the biggest possible mtu on default ethernet. There are things called jumbo frames that support 1500-9000, but that requires all hardware connected to be compatible with jumbo's.
If the data you have to send is bigger then 1500bytes, it gets chopped up (fragmented) into multiple frames of 1500 bytes, and other the other end reassembled
-
Some hardware supports sending the vlan tag above 1500 bytes.
vlanmtu, vlanhwtag, vlanhwfilter, vlanhwcsum, vlanhwtso If the driver offers user-configurable VLAN support, enable reception of extended frames, tag processing in hardware, frame filtering in hardware, checksum offloading, or TSO on VLAN, respectively. Note that this must be issued on a physical inter- face associated with vlan(4), not on a vlan(4) interface itself.
And from vlan(4):
The vlan driver supports efficient operation over parent interfaces that
can provide help in processing VLANs. Such interfaces are automatically
recognized by their capabilities. Depending on the level of sophistica-
tion found in a physical interface, it may do full VLAN processing or
just be able to receive and transmit long frames (up to 1522 bytes
including an Ethernet header and FCS). The capabilities may be user-con-
trolled by the respective parameters to ifconfig(8), vlanhwtag, and
vlanmtu. However, a physical interface is not obliged to react to them:
It may have either capability enabled permanently without a way to turn
it off. The whole issue is very specific to a particular device and its
driver.At present, these devices are capable of full VLAN processing in hard-
ware: ae(4), age(4), alc(4), ale(4), bce(4), bge(4), cxgb(4), cxgbe(4),
em(4), igb(4), ixgb(4), ixgbe(4), jme(4), msk(4), mxge(4), nxge(4),
nge(4), re(4), sge(4), stge(4), ti(4), txp(4), and vge(4).Other Ethernet interfaces can run VLANs using software emulation in the
vlan driver. However, some lack the capability of transmitting and
receiving long frames. Assigning such an interface as the parent to vlan
will result in a reduced MTU on the corresponding vlan interfaces. In
the modern Internet, this is likely to cause tcp(4) connectivity problems
due to massive, inadequate icmp(4) filtering that breaks the Path MTU
Discovery mechanism.These interfaces natively support long frames for vlan: axe(4), bfe(4),
cas(4), dc(4), et(4), fwe(4), fxp(4), gem(4), hme(4), le(4), nfe(4),
nve(4), rl(4), sf(4), sis(4), sk(4), ste(4), tl(4), tx(4), vr(4), vte(4),
and xl(4).The vlan driver automatically recognizes devices that natively support
long frames for vlan use and calculates the appropriate frame MTU based
on the capabilities of the parent interface. Some other interfaces not
listed above may handle long frames, but they do not advertise this abil-
ity. The MTU setting on vlan can be corrected manually if used in con-
junction with such a parent interface. -
That's what I needed, thank you :)