06/28/2023
Troubleshooting: WAN Connectivity and Self-diagnosis (MTU)
1. What kinds of issues may be caused by MTU
The bandwidth of your WAN connection is sufficient for WAN applications (including VPN), but you are encountering the following issues.
1. Only a part of the pages of a website will open.
2. For some online applications (e.g. games, videos), the speed sometimes becomes noticeably slower.
3. Applications on some websites are stuck or blocked although no blocking policy (App Rule) is configured.
In summary, if there is no packet drop but the Internet speed is sometimes fast and sometimes slow, to a large extent it may be caused by an improper MTU value.
2. Root Cause Analysis
2.1 MTU and Related Concepts
When an IPv4 packet reaches a device whose MTU is smaller than the packet size, the device handles the packet according to the DF (Don't Fragment) option bit. If the DF bit is set, the device drops the packet and sends back an "ICMP Fragmentation Needed" message containing its MTU. If the DF bit is not set, the packet is fragmented and sent on to the destination.
2.2 Why MTU may lead to such problems
PMTU Black Hole: In today's networks, a source device that supports PMTU Discovery sets the DF option bit in the IP header of each packet. When a device with a smaller MTU receives the packet, it sends back an ICMP message with its MTU size. The source adjusts the packet size according to the received message, so that subsequent packets do not exceed the PMTU and are transmitted without fragmentation. During transmission, however, the packet may encounter a PMTU black hole: when the packet with the DF option bit set arrives at a device (e.g. a router) with a smaller MTU, the device drops the packet without sending back an ICMP message. In this scenario, the source device cannot discover the PMTU and keeps sending packets at the larger size. As a result, the application is blocked.
Poor Fragmentation Capability: A packet travelling from the source to the destination may traverse a large number of devices from various vendors. Some of these devices may have poor fragmentation performance. When application data has to traverse a device with poor fragmentation and reassembly capability, the online application traffic may become slow or even be blocked.
Influences from Security Devices: In principle, fragmentation and reassembly of an Internet application packet only occur at the source and destination devices. However, when a fragmented packet traverses a network monitor or security appliance, that device may need to reassemble the fragments for particular purposes (e.g. a security requirement). Such behavior may further slow the application's traffic and even cause loss of connectivity.
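The DF handling in 2.1 and the PMTU black hole in 2.2 can be reproduced with a small model. This is an added example, not part of the original article or any SonicWall code; the hop names, the two paths and the DF-probe binary search are constructed assumptions, using MTU values from the table in this article.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    name: str                 # constructed label, not a real device
    mtu: int                  # bytes, largest IP packet the hop forwards
    sends_icmp: bool = True   # False models a PMTU black hole

def send(path, size, df=True):
    """Walk the path; return ('delivered'|'icmp'|'lost', reported_mtu)."""
    for hop in path:
        if size <= hop.mtu:
            continue
        if not df:
            size = hop.mtu    # hop fragments; largest fragment now fits
            continue
        # DF set and packet too big: drop, with or without the ICMP message
        return ("icmp", hop.mtu) if hop.sends_icmp else ("lost", None)
    return ("delivered", None)

def classic_pmtud(path, size=1500, max_rounds=8):
    """ICMP-driven discovery: shrink to each MTU reported back."""
    for _ in range(max_rounds):
        status, mtu = send(path, size)
        if status == "delivered":
            return size
        if status == "lost":
            return None       # no feedback, sender never learns the PMTU
        size = mtu
    return None

def probe_pmtu(path, low=68, high=1500):
    """Binary search with DF-set probes; a timeout counts as 'too big'."""
    if send(path, low)[0] != "delivered":
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if send(path, mid)[0] == "delivered":
            low = mid
        else:
            high = mid - 1
    return low

# Constructed paths using MTU values from the table in this article.
PATH_OK = [Hop("lan", 1500), Hop("pppoe", 1492), Hop("gre", 1476)]
PATH_BLACKHOLE = [Hop("lan", 1500), Hop("pppoe", 1492), Hop("gre", 1476, sends_icmp=False)]

if __name__ == "__main__":
    print(classic_pmtud(PATH_OK), classic_pmtud(PATH_BLACKHOLE), probe_pmtu(PATH_BLACKHOLE))
```

Sizes in this model are whole IPv4 packet sizes; when probing with a real ping, the payload size is the packet size minus 28 bytes (20-byte IPv4 header plus 8-byte ICMP header).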
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
How to Troubleshoot:
Internet speed is sometimes fast and sometimes slow, or a part of web pages cannot open.
Note: If no packets are reported as dropped, there is a strong possibility that the issue is caused by MTU.
Note: If there is no result, there may be a PMTU black hole. Go to Step 5.
Network Type | MTU (Bytes) | Reference |
Max Value | 65535 | RFC 791 |
Min Value | 68 | RFC 791 |
FDDI | 4352 | |
Ethernet | 1500 | |
IEEE 802.3 | 1492 | |
PPPoE | 1492 | |
Cisco GRE | 1476 | |
X.25 | 576 | |
PPP | 296 | |
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
How to Troubleshoot:
Internet speed is sometimes fast and sometimes slow, or a part of web pages cannot open.
Note: If no packets are reported as dropped, there is a strong possibility that the issue is caused by MTU.
Note: If there is no result, there may be a PMTU black hole. Go to Step 5.
Network Type | MTU (Bytes) | Reference |
Max Value | 65535 | RFC 791 |
Min Value | 68 | RFC 791 |
FDDI | 4352 | |
Ethernet | 1500 | |
IEEE 802.3 | 1492 | |
PPPoE | 1492 | |
Cisco GRE | 1476 | |
X.25 | 576 | |
PPP | 296 | |