network99
Frequent Visitor
Topic Author
Posts: 90
Joined: Wed Nov 22, 2017 8:47 pm

mtu change ?

Sun Dec 24, 2017 2:05 pm

Hello guys,
I'm not an English man, sorry!

To change users' MTU, which rules should I use? (input, output or forward?)
Source?
Destination?
Once created, the rule for the Source (172.16.14.10)
and
Once created, the rule for the Dest (172.16.14.10)
/ip firewall mangle
add chain=forward disabled=yes src-address=172.16.14.10
add action=change-mss chain=forward new-mss=1500 protocol=tcp src-address=\
    172.16.14.10 tcp-flags=syn

/ip firewall mangle
add chain=forward disabled=yes src-address=172.16.14.10
add action=change-mss chain=forward dst-address=172.16.14.10 new-mss=
    protocol=tcp tcp-flags=syn
How do I calculate the MTU for this network?

Image
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: mtu change ?

Tue Dec 26, 2017 2:06 am

Firewall rules should be unneeded. The clamp-tcp-mss feature is a crutch and only cleans up TCP flows.

Set the MTU values on the appropriate interfaces and allow ICMP messages related to path MTU discovery to pass correctly and packets will move without issue.
 
network99
Frequent Visitor
Topic Author
Posts: 90
Joined: Wed Nov 22, 2017 8:47 pm

Re: mtu change ?

Tue Dec 26, 2017 3:07 pm

> Firewall rules should be unneeded.

There is no rule in the firewall! (no filter - no NAT)

> Set the MTU values on the appropriate interfaces

Do you mean interfaces?
I have set 1500 on all interfaces (example: ether2 - 1500 MTU)

> and allow ICMP messages related to path MTU discovery to pass correctly and packets will move without issue

How?
I do not understand!
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: mtu change ?

Tue Jan 09, 2018 9:02 pm

MikroTik's firewall is allow by default so if you are not doing any other firewall rules then you're alright. Just set MTU on relevant interfaces. You may need to work with the owners of each link to help determine the correct setting.

The MTU of the PPPoE clients should be 8 bytes less than the parent interface. Assuming the parent interface is truly 1500 MTU via Ethernet then the PPPoE interface should have an MTU of 1492.

http://baturin.org/tools/encapcalc/
 
network99
Frequent Visitor
Topic Author
Posts: 90
Joined: Wed Nov 22, 2017 8:47 pm

Re: mtu change ?

Wed Jan 24, 2018 7:47 pm

> The MTU of the PPPoE clients should be 8 bytes less than the parent interface. Assuming the parent interface is truly 1500 MTU via Ethernet then the PPPoE interface should have an MTU of 1492.
> http://baturin.org/tools/encapcalc/

My result:

G:\>mturoute www.google.com
* ICMP Fragmentation is not permitted. *
* Speed optimization is enabled. *
* Maximum payload is 10000 bytes. *
- ICMP payload of 1472 bytes is too big.
+ ICMP payload of 92 bytes succeeded.
+ ICMP payload of 782 bytes succeeded.
+ ICMP payload of 1127 bytes succeeded.
+ ICMP payload of 1299 bytes succeeded.
+ ICMP payload of 1385 bytes succeeded.
+ ICMP payload of 1428 bytes succeeded.
+ ICMP payload of 1450 bytes succeeded.
- ICMP payload of 1461 bytes is too big.
- ICMP payload of 1455 bytes is too big.
+ ICMP payload of 1452 bytes succeeded.
- ICMP payload of 1453 bytes is too big.
Path MTU: 1480 bytes.

G:\>mturoute -t www.google.com
mturoute to www.google.com, 30 hops max, variable sized packets
* ICMP Fragmentation is not permitted. *
* Speed optimization is enabled. *
* Maximum payload is 10000 bytes. *
 1  +-  host: 192.168.1.1  max: 1500 bytes
 2  -+++++++--+-  host: 1.1.1.1  max: 1480 bytes
 3  +-  host: 192.168.*.197  max: 1480 bytes
 4  +-  host: 192.168.*.1  max: 1480 bytes
 5  No response from traceroute for this TTL.  Tried 3 times
 6  +-  host: 192.168.*.241  max: 1480 bytes
 7  +-  host: 10.10.*.61  max: 1480 bytes
 8  +-  host: 10.201.*.142  max: 1480 bytes
 9  +-  host: 10.201.42.117  max: 1480 bytes
10  +-  host: 10.202.4.6  max: 1480 bytes
11  +-  host: 89.221.34.10  max: 1480 bytes
12  +-  host: 195.22.211.38  max: 1480 bytes
13  +-  host: 72.14.205.182  max: 1480 bytes
14  ...-.-  host: 108.170.252.19 not responding
15  .-.-  host: 108.170.236.249 not responding
16  .-.-  host: 72.14.235.39 not responding
17  No response from traceroute for this TTL.  Tried 3 times
18  .-.-  host: 216.239.50.241 not responding
19  +-  host: 216.58.198.4  max: 1480 bytes

ping www.google.com -f -l 1460

Pinging www.google.com [216.58.198.4] with 1460 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 216.58.198.4:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

ping www.google.com -f -l 1452

Pinging www.google.com [216.58.198.4] with 1452 bytes of data:
Reply from 216.58.198.4: bytes=64 (sent 1452) time=94ms TTL=45
Reply from 216.58.198.4: bytes=64 (sent 1452) time=91ms TTL=45
Reply from 216.58.198.4: bytes=64 (sent 1452) time=114ms TTL=45
Reply from 216.58.198.4: bytes=64 (sent 1452) time=88ms TTL=45

Ping statistics for 216.58.198.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 88ms, Maximum = 114ms, Average = 96ms

ping www.google.com -f -l 1400

Pinging www.google.com [216.58.198.4] with 1400 bytes of data:
Reply from 216.58.198.4: bytes=64 (sent 1400) time=100ms TTL=45
Reply from 216.58.198.4: bytes=64 (sent 1400) time=96ms TTL=45
Reply from 216.58.198.4: bytes=64 (sent 1400) time=89ms TTL=45
Reply from 216.58.198.4: bytes=64 (sent 1400) time=111ms TTL=45

Ping statistics for 216.58.198.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 111ms, Average = 99ms
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: mtu change ?

Thu Jan 25, 2018 5:26 pm

1452 + 20 (IP) + 8 (PPP) = the 1480 detected MTU is likely correct. It implies from your point of testing that is the available MTU size you can squeeze through without fragmentation.

So if you were testing over the vDSL linkage like your drawing shows, a good starting point might be to reduce the max-mru and max-mtu of the PPPoE server. By default they are set to 1480, 1500 - 20, with 1500 being the default Ethernet MTU size. If your MTU is 1480 then you should be setting the max-mru and max-mtu to 1460, 1480 - 20. You can decide whether or not you want to disable MRRU. It basically fragments any packets crossing the link that are larger than the MTU size would normally allow. So a setting of mrru=1500 will allow the client to think they have an MTU of 1500 available but would increase the work the router has to do.

Lastly with all of these changes make sure ICMP messaging is handled appropriately so that fragmentation is handled cleanly and appropriately without the need for MSS clamping rules. MSS clamping is a crutch, it only applies to TCP traffic which leaves UDP traffic vulnerable to fall on the floor.
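
The arithmetic behind the test results in this thread, as an added example that is not part of any post: it parses the `mturoute` probe lines posted above, derives the path MTU from the largest ICMP payload that passed with DF set, and computes the TCP MSS that fits that MTU. Function names are illustrative, and the header sizes assume IPv4 and TCP without options.

```python
import re

IPV4_HEADER = 20     # IPv4 header without options
ICMP_HEADER = 8      # ICMP echo header
TCP_HEADER = 20      # TCP header without options
PPPOE_OVERHEAD = 8   # per the thread: 1500 on Ethernet -> 1492 on PPPoE

# Probe lines copied from the mturoute run posted in the thread.
SAMPLE = """\
- ICMP payload of 1472 bytes is too big.
+ ICMP payload of 92 bytes succeeded.
+ ICMP payload of 782 bytes succeeded.
+ ICMP payload of 1127 bytes succeeded.
+ ICMP payload of 1299 bytes succeeded.
+ ICMP payload of 1385 bytes succeeded.
+ ICMP payload of 1428 bytes succeeded.
+ ICMP payload of 1450 bytes succeeded.
- ICMP payload of 1461 bytes is too big.
- ICMP payload of 1455 bytes is too big.
+ ICMP payload of 1452 bytes succeeded.
- ICMP payload of 1453 bytes is too big.
"""

PROBE = re.compile(r"^([+-]) ICMP payload of (\d+) bytes")

def parse_probes(text):
    """Return (largest payload that passed, smallest that failed or None)."""
    passed, failed = [], []
    for line in text.splitlines():
        m = PROBE.match(line.strip())
        if m:
            (passed if m.group(1) == "+" else failed).append(int(m.group(2)))
    if not passed:
        raise ValueError("no successful probe in input")
    best, limit = max(passed), min(failed, default=None)
    if limit is not None and limit <= best:
        raise ValueError("inconsistent probes: did the path change mid-run?")
    return best, limit

def path_mtu(text):
    """Return (path MTU, exact); exact means the search closed to 1 byte."""
    best, limit = parse_probes(text)
    return best + IPV4_HEADER + ICMP_HEADER, limit == best + 1

def tcp_mss(mtu):
    return mtu - IPV4_HEADER - TCP_HEADER

def pppoe_mtu(parent_mtu):
    return parent_mtu - PPPOE_OVERHEAD
```

For the posted run this gives a path MTU of 1480 and a matching TCP MSS of 1440; an MSS clamp set to the full MTU value would still produce packets larger than the path allows.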
