Netgate Discussion Forum

    MTU Packets broken over 8968

    L2/Switching/VLANs
    • L
      LordSandwurm
      last edited by

      I have a weird MTU problem.
      If I ping from my Linux server (MTU 9000) to the pfSense with "ping -s 8968" it worked. With 8969-8972 it didn't work. The packet didn't get to the pfSense.

      In the other direction, when I ping the server with 8969, the server gets the packet and sends an answer, but the pfSense didn't get the answer packet.

      Captured with tcpdump and pfSense packet capture.

      Can anybody help?

      • JKnottJ
        JKnott
        last edited by

        With ping, you have the payload and the headers. The headers take 32 bytes with IPv4, so the payload cannot be any more than 9000-32 or 8968.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • L
          LordSandwurm
          last edited by

          @JKnott Sorry, that's wrong. The payload is 28 bytes, not 32. Between two Linux or Windows systems you can transfer 8972 bytes (8972 + 28).

          • JKnottJ
            JKnott @LordSandwurm
            last edited by

            @lordsandwurm

            Sorry, I made the mistake of counting the MAC address. Regardless the point remains the same. You lose some of the MTU space to protocols. Here's a screen capture from Wireshark. I have selected the data field and look at what's highlighted. It starts right at 32.

            [Image: Wireshark screen capture with the data field selected]

            • L
              LordSandwurm
              last edited by

              This did not help.
              I'll try to explain it better.

              Client 1 MTU 9000
              Client 2 MTU 9000
              pfSense MTU 9000

              Client 1 <-> Client 2: connection works perfectly (max packet size 8972)

              Client 1 <-> pfSense <-> Client 2: some packets broken. All over 8968

              It seems like the VLAN header is the problem.
              I cannot increase the MTU over 9000. But I cannot lower the MTU on Windows.

              • JKnottJ
                JKnott @LordSandwurm
                last edited by

                @lordsandwurm

                Did you mention VLANs before? I didn't see it. Regardless, a VLAN tag will cost another 4 bytes from the MTU. The MTU refers to the bytes after the MAC addresses and before the CRC. That includes all the upper level protocols, including VLAN tags. Fire up Wireshark and take a look at the actual frames. Click on the various fields to see where they begin and end, as I did with that data field.

                • L
                  LordSandwurm
                  last edited by

                  @JKnott thx, I found the solution.

                  The solution is to lower the MTU on all participants of the VLAN. Not on the switches or the physical network adapter of the pfSense. I lowered client1, client2 and the VLAN interface on pfSense to MTU 8800. With that I have no broken packets.

                  I transmit 8772 data bytes + 28 bytes header = MTU 8800. If I send one over it, it gets fragmented.

                  The problem is that the switch added the 4-byte VLAN header. So the packet was greater than 9000 (9004). The physical network adapter on the pfSense throws the packet away and it gets lost in the VLAN.

                  By the way, you can set this on Windows also with the following command:

                  netsh interface ipv4 set subinterface "interface name" mtu=8800 store=persistent

                  1 Reply Last reply Reply Quote 1
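
Added example, not part of the thread: a POSIX shell script that binary-searches the largest ICMP echo payload a path carries unfragmented, the same measurement the posters made by hand with `ping -s`. The function names and the use of Linux iputils `ping -M do` (Don't Fragment) are choices of this example; on the path described in this thread it would report payload 8968, which is 4 bytes short of the configured MTU of 9000.

```shell
#!/bin/sh
# Added example: measure the usable IP MTU of a path with DF-flagged pings.
# probe() is the only function that touches the network.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP echo header

# Send one echo request with Don't Fragment set (Linux iputils ping).
# $1 = host, $2 = ICMP payload size in bytes. Succeeds only if a reply arrives.
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# Binary search for the largest payload in [lo, hi] that still gets a reply.
# $1 = host, $2 = lo, $3 = hi. Prints the payload; returns 1 if even lo fails.
max_payload() {
    host=$1; lo=$2; hi=$3
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Compare the measured path MTU with the MTU configured on the interface.
# $1 = host, $2 = configured MTU. A "missing" of 4 matches one 802.1Q tag.
report() {
    cfg_mtu=$2
    best=$(max_payload "$1" 0 $(( cfg_mtu - IP_ICMP_OVERHEAD ))) || {
        echo "unreachable"
        return 1
    }
    path_mtu=$(( best + IP_ICMP_OVERHEAD ))
    echo "payload=$best path_mtu=$path_mtu missing=$(( cfg_mtu - path_mtu ))"
}

# Usage: sh mtu_probe.sh <host> <configured-mtu>
if [ $# -ge 2 ]; then
    report "$1" "$2"
fi
```

Run it once directly between the two clients and once through the firewall; a difference of 4 between the two results points at a VLAN tag that is not accounted for in the MTU.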
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.