MTU and Jumbo Frames: When It Matters
MTU is one of the most boring and most damaging silent issues. Knowing the four common cases catches most of them.
Why MTU matters
MTU is one of the quietest sources of network pain. Symptoms are vague, the root cause is subtle, and most teams diagnose it by accident.
- Wrong MTU. Packets fragment along the path; throughput collapses; latency becomes intermittent.
- Symptom blur. 'Slow sometimes' or 'large requests fail' are the typical clues; nothing screams 'MTU'.
- Path MTU discovery. Relies on ICMP that firewalls often block; black-hole MTU issues are common.
- Diagnose early. Five minutes with the right ping flag rules MTU in or out; do this before deeper investigation.
Four scenarios
- 1. VPN tunnels (encapsulation overhead).
- 2. Cross-cloud links (provider MTUs differ).
- 3. Container networking overlay (additional overhead).
- 4. Jumbo frames in datacenter (gain throughput).
Diagnostic pattern
The diagnostic is mechanical. One ping rules MTU in or out; the trace narrows down where the path breaks.
- Probe. Run ping -M do -s 1472 destination; the don't-fragment flag plus a 1472-byte payload (1500 bytes once the 28 bytes of IPv4 and ICMP headers are added) exercises the standard 1500 MTU.
- Interpret. Failure means an interface along the path has an MTU below 1500; success means 1500 is fine end to end.
- Narrow down. Repeat with traceroute -F -n destination 1500 to identify the exact hop that drops oversized packets; -F sets don't-fragment and the trailing 1500 is the total packet length in bytes.
- Confirm fix. After lowering the MTU on the offending interface, re-run the probe; the black hole is resolved when the ping succeeds.
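The probe step above can be automated. The following is an added example, not part of the original article: it binary-searches the largest don't-fragment ping that gets a reply and reports the implied path MTU. The function names and the 576 to 1500 search range are this example's assumptions, and it relies on the Linux iputils ping flags used above.

```shell
#!/bin/sh
# Added example (not from the article): find the largest MTU a path carries
# by binary search over don't-fragment pings. Linux iputils ping assumed.

OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# probe_df HOST PAYLOAD: succeeds if a DF ping with PAYLOAD bytes is answered.
# Two probes, so one lost packet is not mistaken for an MTU failure.
probe_df() {
    ping -M do -c 2 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: prints the largest passing MTU in LOW..HIGH.
# Returns 1 if even LOW fails (host down or ICMP echo filtered).
find_path_mtu() {
    host=$1; lo=${2:-576}; hi=${3:-1500}   # default range is an assumption
    probe_df "$host" $((lo - OVERHEAD)) || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe_df "$host" $((mid - OVERHEAD)); then
            lo=$mid            # mid fits: search upward
        else
            hi=$((mid - 1))    # mid dropped: search downward
        fi
    done
    echo "$lo"
}

# mtu_verdict HOST: one-line answer to "is MTU in or out?"
mtu_verdict() {
    if ! found=$(find_path_mtu "$1"); then
        echo "inconclusive: no reply even at the smallest size"
    elif [ "$found" -ge 1500 ]; then
        echo "ok: path carries 1500"
    else
        echo "reduced: path MTU is $found"
    fi
}

# Run against a real host only when one is given on the command line.
if [ "$#" -ge 1 ]; then
    mtu_verdict "$1"
fi
```

An "inconclusive" result means the ping test cannot rule MTU in or out on that path, which is the same ICMP filtering that breaks path MTU discovery.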
Cloud defaults
Cloud providers ship different MTU defaults. Mismatched MTU at the cloud boundary causes silent fragmentation that is painful to diagnose.
- AWS VPC. 9001 (jumbo) within a VPC; 1500 across VPC peering and out to the internet.
- GCP. 1460 default; can be raised to 8896 for jumbo frames if explicitly enabled per network.
- Azure. 1500 default; raise per-NIC for jumbo within accelerated-networking-capable VMs.
- Cross-cloud. The lowest MTU on the path wins; size your tunnel and overlay MTUs accordingly or expect fragmentation.
Antipatterns
- Default MTU through VPN. Fragmentation.
- Jumbo frames without end-to-end support. Drops.
- Diagnosing throughput issues without checking MTU. Wasted hours.
What to do this week
Three moves. (1) Apply this pattern to your highest-risk network path. (2) Measure the failure rate before and after. (3) Document the change so the next incident responder inherits the knowledge.