Why is it that configuring a router's MTU settings from automatic 1500 to a manual setting that's lower e.g. 1400 will solve VPN issues, connectivity problems, etc. Does the packet size really matter that much?
Router MTU
- Thread starter llee
- Start date
- Status
Crusty
Lifer
- Sep 30, 2001
- 12,684
- 2
- 81
You will get much better answers in the networking forum as this isn't really all that highly technical.
The root of the problem you are describing is that a VPN will encapsulate your data packet so it can provide it's own security measures. When you do that you have to increase your packet size to accommodate the new header information.
Anytime you try to send a packet that is larger than your MTU you have to break it up into multiple frames so that it can be passed along the network. So if you force your packets to have a frame size much lower than 1500 then when the VPN encapsulates the packet you are still below 1500 and can send the packet along unharmed.
Why is breaking packets up bad? It causes excessive CPU/Memory usage and in the case of a VPN the overhead increases as well. If a packet has to be split up so it can fit inside the MTU size you are having to duplicate the IP headers/VPN headers which creates extra data to send, so you lower the amount of actual data you can send because you have more overhead.
The root of the problem you are describing is that a VPN will encapsulate your data packet so it can provide it's own security measures. When you do that you have to increase your packet size to accommodate the new header information.
Anytime you try to send a packet that is larger than your MTU you have to break it up into multiple frames so that it can be passed along the network. So if you force your packets to have a frame size much lower than 1500 then when the VPN encapsulates the packet you are still below 1500 and can send the packet along unharmed.
Why is breaking packets up bad? It causes excessive CPU/Memory usage and in the case of a VPN the overhead increases as well. If a packet has to be split up so it can fit inside the MTU size you are having to duplicate the IP headers/VPN headers which creates extra data to send, so you lower the amount of actual data you can send because you have more overhead.
Elias824
Golden Member
- Mar 13, 2007
- 1,100
- 0
- 76
That makes sence to me, but why would the OP think a smaller MTU was better for VPN, since a smaller MTU would result in more packet splits
Because VPN packets need to be tunnelled/encapsulated and the encapsulation takes space. If the MTU of your public network (e.g. Internet) is 1500, then your private packets on your VPN must be smaller, so that they do not have to be fragmented once the baggage of the encapsulation is added.
This wiuld normally be done by the VPN client/server.
This wiuld normally be done by the VPN client/server.
You're probably on a PPPoE connection and have a router that screws up and sets the MTU to 1500 anyway...lot of (at least some older, popularly used ones) Linksys ones did that. RV016, RV082, etc. Manual 1492, and good times.
- Status
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 22K
-
News NVIDIA and Intel to Develop AI Infrastructure and Personal Computing Products- Started by poke01
- Replies: 384
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
Facebook
Twitter