Netgate Discussion Forum

    9000 MTU WAN

    General pfSense Questions
      iTestAndroid

      I have a special case in a datacenter and my WAN is 9000 MTU and all the way through routers within the datacenter, they all are 9000 MTU.

      Do I have to set my LAN also to 9000 MTU? I have LAN on default 1500 MTU but it's acting up, I have packet drops and things like that. Am I missing something here? Should I set LAN to 9000 MTU as well?

        AndyRH

        Ideal is to have the same MTU all the way from host to host.

        o||||o
        7100-1u

          iTestAndroid @AndyRH

          @andyrh True, but if I don't set LAN MTU and guest VM's MTU to 9000, it should still work fine?

            stephenw10 Netgate Administrator

            Yeah, if you have incoming connections from WAN to LAN at 9000B you should have the LAN set as that also.
            Packet captures would show it.

            Steve

              iTestAndroid @stephenw10

              @stephenw10 I'm mainly having connection issues from inside LAN to outside, especially on small SSL connections.

                stephenw10 Netgate Administrator

                Run a pcap on the WAN and see what's happening. If path-mtu is not working as expected and replies are coming back in oversized packets with do-not-fragment set they would be dropped.

                Steve

                  iTestAndroid @stephenw10

                  @stephenw10 Ok, how about VPN interfaces? I have OpenVPN and WireGuard, I don't have to touch those or set those to 9000, right?

                    stephenw10 Netgate Administrator

                    I would not expect so since the hosts using those at each end are presumably using 1500.

                      JKnott @iTestAndroid

                      @itestandroid

                      You can have whatever MTU you wish on your LAN, as IP is designed to work over different MTUs, provided everything on a subnet is at the same MTU. Fragmentation (IPv4 only) and Path MTU Discovery (PMTUD) will be used to fit the packets to an MTU. However, if you can manage 9000 on your LAN, then that would be best. However, you won't be able to use WiFi on that LAN as it supports a maximum MTU of 2304 bytes. Also, where is your LAN compared to the data centre? If you have to connect to it via the public Internet, then you're still going to be limited to 1500. I believe Internet 2 supports 9000 MTU.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...
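
The packet capture Steve suggests and the fragmentation/PMTUD behaviour JKnott describes, as an added example that is not part of any post in this thread: Python code that classifies IPv4 packets the way a router forwarding onto a 1500-byte link would. The addresses, function names and sample packets are constructed for illustration.

```python
import struct

FRAG_NEEDED = (3, 4)  # ICMP Destination Unreachable, "fragmentation needed and DF set"
# Constructed addresses from the documentation ranges (not from the thread).
WAN_HOST, LAN_HOST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
ROUTER = bytes([203, 0, 113, 1])

def ipv4(src, dst, proto, payload, df=True):
    """Build a minimal IPv4 packet (checksum left 0) to use as constructed input."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                      0x4000 if df else 0, 64, proto, 0, src, dst)
    return hdr + payload

def classify(pkt, egress_mtu):
    """What a router does when forwarding pkt onto a link with egress_mtu."""
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if proto == 1 and len(pkt) >= ihl + 8:
        icmp_type, code, _, _, next_mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
        if (icmp_type, code) == FRAG_NEEDED:
            return f"pmtud-signal next-hop-mtu={next_mtu}"
    if total_len <= egress_mtu:
        return "forward"
    # Oversized: DF (0x4000 in the flags/fragment field) decides drop vs. fragment.
    return "drop+icmp-frag-needed" if flags_frag & 0x4000 else "fragment"

# Constructed sample traffic: jumbo-sized packets arriving from the 9000-byte side.
big_df = ipv4(WAN_HOST, LAN_HOST, 6, b"\x00" * 8980)              # 9000 bytes, DF set
big_nodf = ipv4(WAN_HOST, LAN_HOST, 6, b"\x00" * 8980, df=False)  # 9000 bytes, DF clear
small = ipv4(WAN_HOST, LAN_HOST, 6, b"\x00" * 1380)               # 1400 bytes, DF set
# The ICMP error a router sends back: next-hop MTU plus the offending header + 8 bytes.
icmp = ipv4(ROUTER, WAN_HOST, 1,
            struct.pack("!BBHHH", 3, 4, 0, 0, 1500) + big_df[:28], df=False)
SAMPLE = [big_df, big_nodf, small, icmp]

def report(packets, egress_mtu=1500):
    """Classify every packet against the egress MTU (1500 = the default LAN MTU)."""
    return [classify(p, egress_mtu) for p in packets]

if __name__ == "__main__":
    for verdict in report(SAMPLE):
        print(verdict)
```

In a real capture, repeated oversized packets with DF set and no ICMP type 3 code 4 reaching the sender indicate that PMTUD is not working on that path.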

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.