MTU path discovery and IPSec

Owen DeLong owen at
Wed Dec 3 16:37:40 UTC 2003

A subtle correction...

A router where all MTUs are the same will never have to fragment
anything.  A router where all MTUs are >=1500 will probably not
need to fragment anything.  However, it is possible to attach
a host via GIG-E or other media which supports jumbo frames
(Frame relay, for example) and need to fragment to support a
1500 octet MTU.  Currently, this would be a rare occurrence, but,
it is possible in some circumstances.  Eventually, if this assumption
were to circulate widely, it could have similar consequences to many
other errant assumptions on the internet.


--On Wednesday, December 3, 2003 11:19 AM -0500 "Steven M. Bellovin" 
<smb at> wrote:

> In message <120320031605.8838.1dea at>, jgraun at
> writes:
>> Two questions:
>> 1) I assume MTU path discovery has to be enabled on each router in
>> the path in order for it to work correctly?!
> No -- it only has to be enabled on routers with smaller outbound MTUs
> than inbound.  A router for which all links have a 1500-byte MTU
> doesn't need path MTU discovery; it will never need to fragment
> anything.
> 		--Steve Bellovin,

If it wasn't crypto-signed, it probably didn't come from me.
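
The case discussed in this thread (a jumbo-frame ingress feeding a 1500-octet egress), as an added example that is not part of the original messages: a sketch of the IPv4 forwarding decision per RFC 791 / RFC 1191. The names `Packet`, `forward` and `IP_HEADER_LEN` are illustrative, and a 20-octet header with no IP options is assumed.

```python
# Added illustration: IPv4 forwarding decision at a router whose egress MTU
# may be smaller than the arriving packet (RFC 791 / RFC 1191 behaviour).
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: no IP options


@dataclass
class Packet:
    total_len: int        # IP total length in octets (header + payload)
    df: bool = False      # Don't Fragment bit
    offset: int = 0       # fragment offset, in 8-octet units
    mf: bool = False      # More Fragments bit


def forward(pkt, egress_mtu):
    """Return ("forward", [pkt]), ("fragment", [frags]) or ("icmp", info)."""
    if pkt.total_len <= egress_mtu:
        return "forward", [pkt]
    if pkt.df:
        # ICMP Destination Unreachable, "fragmentation needed and DF set";
        # RFC 1191 carries the next-hop MTU so the sender can shrink its packets.
        return "icmp", {"type": 3, "code": 4, "next_hop_mtu": egress_mtu}
    # Payload per fragment must be a multiple of 8 octets (offset granularity).
    chunk = (egress_mtu - IP_HEADER_LEN) // 8 * 8
    payload = pkt.total_len - IP_HEADER_LEN
    frags, sent = [], 0
    while sent < payload:
        size = min(chunk, payload - sent)
        last = sent + size == payload
        frags.append(Packet(total_len=IP_HEADER_LEN + size, df=False,
                            offset=pkt.offset + sent // 8,
                            mf=pkt.mf or not last))
        sent += size
    return "fragment", frags


if __name__ == "__main__":
    # Constructed cases: equal MTUs, jumbo ingress without DF, jumbo ingress with DF.
    for p in (Packet(1500), Packet(9000), Packet(9000, df=True)):
        action, result = forward(p, 1500)
        detail = len(result) if isinstance(result, list) else result
        print(p.total_len, "DF" if p.df else "--", "->", action, detail)
```

If the ICMP message in the DF case is filtered somewhere on the return path, the sender never learns the smaller MTU and large packets are silently dropped.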

More information about the NANOG mailing list