What is MTU?
In networking, maximum transmission unit (MTU) is a measurement representing the largest data packet that a network-connected device will accept. Imagine it as being like a height limit for freeway underpasses or tunnels: Cars and trucks that exceed the height limit cannot fit through, just as packets that exceed the MTU of a network cannot pass through that network.
However, unlike cars and trucks, data packets that exceed MTU are broken up into smaller pieces so that they can fit through. This process is called fragmentation. Fragmented packets are reassembled once they reach their destination.
MTU is measured in bytes — a "byte" is equal to 8 bits of information, meaning 8 ones and zeroes. 1,500 bytes is the maximum MTU size.
What is a packet?
All data sent over the Internet is broken down into smaller chunks that are called packets. For example, when a webpage is sent from a web server to a user's laptop, the webpage’s constituent data travels over the Internet as a series of packets. The packets are then reassembled into the original, whole webpage by the laptop.
Data packets have two main parts: the header and the payload. The header contains information about the packet's source and destination addresses, while the payload is the actual contents of the packet. Think of the header as a shipping label attached to a parcel, and the payload as the parcel’s contents. (Unlike packages, packets on the Internet have multiple headers attached by different networking protocols.)
MTU almost always is used in reference to layer 3* packets, or packets that use the Internet Protocol (IP). MTU measures the packet as a whole, including all headers and the payload. This includes the IP header and the TCP (Transport Control Protocol) header, which usually add up to 40 bytes in length.
When do packets become fragmented?
When two computing devices open a connection and begin exchanging packets, those packets are routed across multiple networks. It is necessary to take into account not just the MTU of the two devices at the ends of each communication, but all routers, switches, and servers in the middle as well. Packets that exceed the MTU on any point in the network path are fragmented.
Suppose Server A and Computer A are connected, but the data packets they send to each other have to pass through Router B and Router C along the way. Server A, Computer A, and Router B all have an MTU of 1,500 bytes. However, Router C has an MTU of 1,400 bytes. If Server A and Computer A are not aware of Router C's MTU and send 1,500-byte packets, all their data packets will be fragmented by Router B in transit.
Fragmentation adds a small degree of latency and inefficiency to network communications, so it should be avoided if possible. (Outdated network equipment may be vulnerable to denial-of-service attacks that exploit fragmentation, such as the "ping of death" attack.)
How does fragmentation work?
All network routers check the size of each IP packet they receive against the MTU of the next router that will receive the packet. If the packet exceeds the MTU of the next router, the first router breaks the payload into two or more packets, each with its own headers.
Each new packet has a header copied from the original packet (so that the packets all have the original source and destination IP addresses, etc.) with some important changes. The router edits certain fields in the IP header to indicate that the packets are fragmented and require reassembly, how many packets there are, and in what order they are being sent.
Imagine a shipping company is handling a package that exceeds the weight limits of one of their facilities. Instead of refusing to deliver the package, the shipping company divides the package contents into three smaller packages. It also duplicates the shipping label for each package and adds a note indicating that each package is one part of a series that must arrive together — the first package is 1 of 3, the second is 2 of 3, etc. (Such an approach by a shipping company would be a violation of privacy, so it should not occur in the real world.)
When is fragmentation not possible?
In certain cases, packets cannot be fragmented, and therefore they will not be delivered if they exceed the MTU of any router or device along the network path:
- Fragmentation is not permitted in IPv6. IPv6 is the latest version of the Internet Protocol, although IPv4 is still widely used. Routers that support IPv6 will drop any IPv6 packets that exceed the MTU, because they cannot be fragmented.
- Fragmentation is also not possible when the "Don't Fragment" flag is activated in a packet's IP header.
What is the 'Don't Fragment' flag in an IP header?
Think of the IP header as being like a form consumers fill out when shipping a package to someone. The form indicates source address, destination address, how soon the package should be delivered, and other special instructions for the delivery workers.
The "Don't Fragment" flag is a special instruction for routers, an option that can be selected in the "form" of an IP header. When the flag is set, the attached packet cannot be fragmented.
Any router that receives the packet will analyze the header and check for the Don't Fragment flag. If the flag is on and the packet exceeds the MTU, the router then drops the packet instead of fragmenting it.
In addition to dropping the packet, the router sends back an ICMP message to the packet's origin. An ICMP message is a very small data packet that sends a status update. In this case, it essentially says, "This router or device could not deliver these packets because they were too big and could not be fragmented."
What is path MTU discovery?
Path MTU discovery, or PMTUD, is the process of discovering the MTU of all devices, routers, and switches on a network path. If Computer A and Server A from the example above were to use PMTUD, they would identify Router B's MTU requirements and adjust their packet size accordingly to avoid fragmentation.
PMTU works slightly differently depending on whether the connected devices are using IPv4 or IPv6:
IPv4: IPv4 allows fragmentation and thus includes the Don't Fragment flag in the IP header. PMTUD in IPv4 works by sending test packets along the network path with the Don't Fragment flag turned on. If any router or device along the path drops the packet, it sends back an ICMP message with its MTU. The source device lowers its MTU and sends another test packet. This process is repeated until the test packets are small enough to traverse the entire network path without being dropped.
IPv6: For IPv6, which does not allow fragmentation, PMTUD works in much the same way. The key difference is that IPv6 headers do not have the Don't Fragment option and so the flag is not set. Routers that support IPv6 will not fragment IPv6 packets, so if the test packets exceed the MTU, the routers drop the packets and send back corresponding ICMP messages without checking for a Don't Fragment flag. IPv6 PMTUD sends smaller and smaller test packets until the packets can traverse the entire network path, just like in IPv4.
What is MSS?
MSS stands for maximum segment size. MSS is used by TCP at layer 4 of the Internet, the transport layer, instead of layer 3. MSS is only concerned with the size of the payload within each packet. It is calculated by subtracting the length of TCP and IP headers from MTU.
While packets that exceed a router's MTU are either fragmented or dropped, packets that exceed the MSS are always dropped.
To learn more about MTU and MSS, see What is MSS?