Socket MTU and DTLS Tunnels

Overview

The Maximum Transmission Unit (MTU) defines the largest packet size that can be transmitted without fragmentation. The MTU setting helps determine packet flow efficiency between the Socket and the PoP. While Ethernet interfaces typically support an MTU of 1500 bytes, DTLS overhead reduces the effective MTU over the tunnel to 1383 bytes. This behavior affects how packets are handled based on fragmentation settings.

Behavior for Do Not Fragment (DF) Setting (WAN Interfaces)

DF Set

When the DF bit is set, the Socket handles oversized packets for WAN traffic by sending an ICMP Fragmentation Needed message back to the sender. This message includes the acceptable MTU size (e.g., 1383 bytes), prompting the client to fragment the packet accordingly.

DF Not Set

If the DF bit is not set and the packet for WAN traffic exceeds the effective MTU, the Socket fragments the packet. The PoP then reassembles the fragments and forwards the complete packet to the destination. This behavior ensures continuity but may have implications for packet loss visibility in monitoring tools.

Socket LAN Ports and Jumbo Frames

Cato doesn’t support jumbo frames on Socket LAN ports. When the Socket receives a packet larger than 1500 bytes on a LAN port, it checks the Do Not Fragment (DF) bit.

  • If the DF bit is not set, the Socket accepts the packet and fragments it to comply with the 1500-byte limit.
  • If the DF bit is set, the Socket drops the packet and sends an ICMP Fragmentation Needed message back to the sender.

MTU Behavior with Multiple Active WAN Links

For Socket sites that are deployed with multiple active WAN links:

  • Downstream (PoP to Socket): The PoP checks the maximum packet size that can pass through without fragmentation per WAN link. The lowest MTU discovered is applied across all downstream tunnels.

    For example, if a site has two WAN links with discovered MTUs of 1450 bytes and 1383 bytes, the downstream MTU used will be 1383 bytes to ensure consistent delivery across all links.

  • Upstream (Socket to PoP): The Socket calculates MTU per active link. The smallest MTU among active links becomes the effective MTU for the upstream tunnel.

Note: Passive WAN links do not influence the MTU used for active tunnels.

Off-Cloud Traffic

Off-Cloud tunnels (site-to-site) use a separate MTU calculation, accounting for a 106-byte overhead. These tunnels periodically run their own MTU discovery independent of the Socket-to-PoP path.

Configuring the MTU for a Specific Socket Site

Use the Socket WebUI to configure the MTU for a Socket site. The Socket must reconnect to the PoP for the changes to take effect, which can interrupt all traffic flows.

To configure the MTU for a Socket site:

  1. Log in to the Socket WebUI for the site (see Accessing the Socket WebUI).
  2. Go to the Network Settings tab and enter the MTU for each WAN link.
  3. Click Update. The Socket reconnects to the PoP and the MTU is updated.

Notes:

  • PMTUD packets can trigger apparent packet loss, particularly on passive links with minimal traffic.
  • Starting in Socket version 23.0.19445, PMTUD packets are excluded from packet loss metrics.
  • It's possible to set the MTU that is automatically applied to all Socket sites. When you use this automatic MTU configuration, you CANNOT configure the MTU for a specific site.

    For more information about setting the MTU for all Socket sites, please contact Support.
