Configuring TCP PMTU Discovery for IP

IP hosts transmit large amounts of data to other hosts using a series of IP datagrams. To best use resources, increase performance, and avoid difficult reassembly, hosts try to send datagrams that are as large as possible without requiring fragmentation anywhere along the path from the source to the destination. This datagram size is referred to as the path MTU (PMTU), and it is equal to the smallest MTU of any hop in the path.

Path MTU discovery is the process of discovering the path MTU value and using that value when transmitting TCP packets in datagrams.

Enabling TCP PMTU Discovery

You can enable PMTU discovery on the active virtual router using the tcp path-mtu-discovery command.

You can use the age-timer keyword to set the time (in minutes) that TCP waits before attempting to increase the path MTU after receiving an ICMP Too Big message, or after previously increasing the PMTU successfully. The range of these two timers is 1–30 minutes. The timer defaults to 10 minutes.

You can use the age-timer indefinite keyword with the tcp path-mtu-discovery command to disable PMTU aging functions.

To enable and configure PMTU discovery on the virtual router:

To configure PMTU age timers:

Use the no version with a keyword to return the values to their defaults. Use the no version without any keywords to disable path MTU discovery on the virtual router.

Limiting TCP PMTU Discovery Values

You can limit calculated PMTU values within a range by using the tcp path-mtu-discovery command with the max-mtu and min-mtu keywords.

Note: When specifying PMTU limits, keep the following in mind:

  • If a PMTU discovery value is lower than the configured minimum MTU setting, PMTU discovery is disabled for that connection.
  • If a PMTU discovery value is larger than the configured maximum MTU setting, the configured maximum MTU setting is used.
  • The maximum MTU setting must be greater than the minimum MTU setting.

To limit the maximum MTU size used for the PMTU:

To specify the minimum MTU value used for the PMTU:

Use the no version to remove any limitation so that the virtual router uses the discovered path MTU value.

Configuring Black Hole Thresholds for TCP PMTU

Some domains might be configured not to generate certain ICMP messages (such as an ICMP destination unreachable message) or to filter all ICMP messages. Under these conditions, the source of the oversized packets never learns that it is sending oversized packets. The device continues sending oversized packets that never get through. This behavior is often referred to as a black hole.

A black hole threshold is a limit to the number of times a virtual router can retransmit identical sequences of datagrams before the retransmissions are identified as a problem.
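The following Python model is an added illustration, not part of the original documentation and not the router's implementation. It applies the min-mtu and max-mtu rules listed above and counts identical retransmissions against a black hole threshold. The function names, the event format, the threshold value of 3, and the reading that the threshold is exceeded once retransmissions outnumber it are assumptions.

```python
from typing import Optional

def apply_limits(discovered: int, min_mtu: Optional[int] = None,
                 max_mtu: Optional[int] = None) -> Optional[int]:
    """Return the MTU to use, or None when discovery is disabled (below min-mtu)."""
    if min_mtu is not None and max_mtu is not None and max_mtu <= min_mtu:
        raise ValueError("max-mtu must be greater than min-mtu")
    if min_mtu is not None and discovered < min_mtu:
        return None        # below the minimum: discovery off for this connection
    if max_mtu is not None and discovered > max_mtu:
        return max_mtu     # above the maximum: the configured maximum is used
    return discovered

def replay(events, link_mtu, min_mtu=None, max_mtu=None, threshold=3):
    """Replay constructed events for one connection and report its state.

    events: ("too_big", next_hop_mtu) for a received ICMP Too Big message,
            ("send", seq, length) for each transmitted segment.
    threshold: permitted identical retransmissions (assumed value, not a default).
    """
    pmtu = apply_limits(link_mtu, min_mtu, max_mtu)
    sent, suspect = {}, []
    for ev in events:
        if ev[0] == "too_big" and pmtu is not None:
            # A Too Big message can only lower the current estimate.
            pmtu = apply_limits(min(pmtu, ev[1]), min_mtu, max_mtu)
        elif ev[0] == "send":
            key = (ev[1], ev[2])
            sent[key] = sent.get(key, 0) + 1
            # sent[key] - 1 is the number of retransmissions of this segment.
            if sent[key] - 1 > threshold and key not in suspect:
                suspect.append(key)
    return {"pmtu": pmtu, "discovery": pmtu is not None, "black_hole": suspect}

# Constructed trace: ICMP is filtered on the path, so the same full-size
# segment is retransmitted and no Too Big message ever arrives.
FILTERED = [("send", 1000, 1460)] * 5
# Constructed trace: a Too Big message reports a 1400-byte next hop and
# the sender resends the data in a smaller segment.
HEALTHY = [("send", 1000, 1460), ("too_big", 1400), ("send", 1000, 1360)]

if __name__ == "__main__":
    print(replay(FILTERED, 1500))
    print(replay(HEALTHY, 1500))
    print(replay([("too_big", 296)], 1500, min_mtu=576))
```

In the filtered trace the PMTU stays at the link MTU and only the retransmission count reveals the problem, which is the condition the black hole threshold exists to catch.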

To specify the number of permitted retransmissions before the retransmissions are determined to be a problem:
