Windows 7 doesn’t request MTU from DHCP server; what is it thinking

ethernetipmtunetworkingwindows 7

My computer's Ethernet adapter uses 1,500 byte Ethernet frames. Normally this means that my Local Area Connection's MTU is 1500 bytes.

But my (IPv4) connection to the Internet has some overhead. This means that my actual MTU when communicating to the Internet is 1492. This is causing all the regular problems that exist with mis-configured interface MTU.

The Router Can Fix It

Obviously i could use netsh, and override my network interface with a custom MTU. But i don't want to do that. My router's DHCP server already knows that the MTU is 1492. If asked, the DHCP Server will respond with DHCP option 26:

26 MTU Interface = 1492

So it was driving me nuts why the DHCP server isn't telling my Windows 7 machine the MTU setting as one of the items it returns in the DHCP offer:

54 DHCP Server Identifier = 192.168.1.1
51 IP Address Lease Time = 2 hours
1 Subnet Mask = 255.255.255.0
15 Domain Name = example.local
3 Router = 192.168.1.1
6 Domain Name Server = 8.8.8.8, 8.8.4.4, 74.82.42.42

No MTU Interface! So my machine's Ethernet is stuck at 1500 bytes.

DHCP server's did what it's supposed to do

It took more digging, but i realized that DHCP Server's only give what the client asked for. During my Windows 7 DHCP Discover, Windows 7 enumerates the list of all the DHCP options it would like returned:

1 Subnet Mask
15 Domain Name
3 Router
6 Domain Name Server
44 NetBIOS over TCP/IP Name Server
46 NetBIOS over TCP/IP Node Type
47 NetBIOS over TCP/IP Scope
31 Perform Router Discovery
33 Static Route
121 Classless Static Route
249 Classless Static Route (Microsoft)
43 Vendor-Specific Information

Windows 7 isn't even asking for the MTU!

It must know what it's doing

Windows must have a reason why it's not asking for the MTU; but i don't know what it is. At first i thought it was because it was using Path Maximum MTU Discovery. But PMTU only works for TCP connections, uses the TCP MSS (Maximum Segment Size) option, and requires that the local MSS option be correct.

In my case the TCP MSS setting (which comes from the MTU option) is wrong. It is 1460 bytes

  1500 interface MTU
-   20 bytes IP header = 1480 bytes
-   20 bytes TCP header
= 1460 bytes MSS

which is too high.

Note: I can confirm Windows is using an MSS of 1460 bytes from a SYN packet, when a TCP connection is being established.

If not PathMTU, then what?

What is Windows 7 thinking? What is the intended behavior here? What were the network stack developers at Microsoft thinking should happen?

Now pretend that my Internet MTU is actually 1472 (which it is), and pretend that my Ethernet adapter actually uses 8,192 byte Ethernet frames (which it does). What is a corporation supposed to do? Am i supposed to walk up to every machine in the enterprise and type:

>netsh interface ipv4 set interface interface="Local Area Connection" mtu=1472 store=persistent

That's not reasonable. And even if it were reasonable, it's not what i'm asking.

I'm trying to understand what Windows wants to have happen. i'm trying to understand how it should behave. i'm trying to learn something here. Pretend that my Internet gateway is a 576 byte ATM; how do i instruct Windows 7 machines that the MTU if they want to send to the Internet is 576 bytes?

Bonus Reading

Best Answer

Path MTU is not TCP only and doesn't use MSS (though as you have surmised, MSS is derived from MTU). Any hop that receives a packet too big to forward will send an ICMP fragmentation needed packet back to the origin. This is part of layer 3 and is independent of TCP.

The problem with PMTU is that the incoming ICMP packets are often dropped or not forwarded to the origin, and so the origin does not know to reduce the packet size.

As your router knows that the next hop MTU is 1472, it should be sending PMTU packets to your clients. You can check this with wireshark, and if it is not doing this, it needs fixing.

You have a couple of workarounds. One is to set the inside interface of the router's MTU to 1472, which will mean it gets actioned before the router does any processing. The other option is (if you can do it with your router) is to turn on the DF bit for every packet. This is a pretty brutal workaround as any full size packets will end up as two separate packets, one small, one large, with the resultant overhead.

In a corporate setting, all three approaches may be used, but hard setting mtu on the router LAN interface is pretty common.

(I have never come across an instance where DHCP is used to mediate MTU, it wouldn't be the right place in most cases, because the internal MTU and border MTU often different, where you might use jumbo frames internally, but need to reduce to normal size for internet traffic)

Windows 7, Windows Vista

To show current MTU on Windows 7 or Windows Vista, from a command prompt:

C:\Users\Ian>netsh interface ipv6 show subinterfaces

       MTU  MediaSenseState   Bytes In  Bytes Out  Interface
----------  ---------------  ---------  ---------  -------------
      1280                1   24321220    6455865  Local Area Connection
4294967295                1          0    1060111  Loopback Pseudo-Interface 1
      1280                5          0          0  isatap.newland.com
      1280                5          0          0  6TO4 Adapter

And for IPv4 interfaces:

C:\Users\Ian>netsh interface ipv4 show subinterfaces

       MTU  MediaSenseState   Bytes In  Bytes Out  Interface
----------  ---------------  ---------  ---------  -------------
      1500                1  146289608   29200474  Local Area Connection
4294967295                1          0      54933  Loopback Pseudo-Interface 1

Note: In this example my Local Area Connection IPv6 interface has such a low MTU (1280) because i'm using a tunnel service to get IPv6 connectivity.

You can also change your MTU (Windows 7, Windows Vista). From an elevated command prompt:

>netsh interface ipv4 set subinterface "Local Area Connection" mtu=1492 store=persistent
Ok.

Tested with Windows 7 Service Pack 1

Windows XP

The netsh syntax for Windows XP is slightly different:

C:\Users\Ian>netsh interface ip show interface

Index:                                  1
User-friendly Name:                     Loopback
Type:                                   Loopback
MTU:                                    32767
Physical Address:                       

Index:                                  2
User-friendly Name:                     Local Area Connection
Type:                                   Etherenet
MTU:                                    1500
Physical Address:                       00-03-FF-D9-28-B7

Note: Windows XP requires that the Routing and Remote Access service be started before you can see details about an interface (including MTU):

C:\Users\Ian>net start remoteaccesss

Windows XP does not provide a way to change the MTU setting from within netsh. For that you can:

follow the instructions in KB283165 - How to change the PPPoE MTU size in Windows XP
use Dr. TCP (Note: Windows 2000/XP only)

Tested with Windows XP Service Pack 3

+------------------------+
| 12 bytes control flags | \
| 4 byte from address    | |
| 4 byte to address      | |- IP and ICMP header: 28 bytes
|------------------------| |
| 8 byte ICMP header     | /
|------------------------|
| 1472 byte payload      |
|                        |
|                        |
|                        |
+------------------------+

That's where the "missing" 28 bytes is - it's the size of the headers required to send a ping packet.

When you send a ping packet, you can specify how much extra payload data you'd like to include. In this case, if you include all 1472 bytes:

>ping -l 1472 obsidian

Then the resulting ethernet packet will be full to the gills. Every last byte of the 1500 byte packet will be filled:

+------------------------+
| 12 bytes control flags | \
| 4 byte from address    | |
| 4 byte to address      | |- IP and ICMP header: 28 bytes
|------------------------| |
| 8 byte ICMP header     | /
|------------------------|
|........................|
|........................|
|. 1472 bytes of junk....|
|........................|
|........................|
|........................|
|........................|
+------------------------+

If you try to send one more byte

>ping -l 1473 obsidian

the network will have to fragment that 1501 byte packet into multiple packets:

Packet 1 of 2
+------------------------+
| 20 bytes control flags | \
| 4 byte from address    | |
| 4 byte to address      | |- IP and ICMP header: 28 bytes
|------------------------| |
| 8 byte ICMP header     | /
|------------------------|
|........................|
|........................|
|..1472 bytes of payload.|
|........................|
|........................|
|........................|
|........................|
+------------------------+

Packet 2 of 2
+------------------------+
| 20 bytes control flags | \
| 4 byte from address    | |
| 4 byte to address      | |- IP and ICMP header: 28 bytes
|------------------------| |
| 8 byte ICMP header     | /
|------------------------|
|.                       |
| 1 byte of payload      |
|                        |
|                        |
|                        |
|                        |
|                        |
+------------------------+

This fragmentation will happen behind the scenes, ideally without you knowing.

But you can be mean, and tell the network that the packet is not allowed to be fragmented:

>ping -l 1473 -f obsidian

The -f flag means do not fragment. Now when you try to send a packet that doesn't fit on the network you get the error:

>ping -l 1473 -f obsidian  

Packet needs to be fragmented but DF set.

The packet needs to be fragmented, but the Do not Fragment flag was set.

If anywhere along the line a packet needed to be fragmented, the network actually sends an ICMP packet telling you that a fragmentation happened. Your machine gets this ICMP packet, is told what the largest size was, and is supposed to stop sending packets too big. Unfortunately most firewalls block these "Path MTU discovery" ICMP packets, so your machine never realizes the packets are being fragmented (or worse: dropped because they couldn't be fragmented).

That's what causes web-server to not work. You can get the initial small (<1280 byte) responses, but larger packets can't get through. And the web-server's firewalls are misconfigured, blocking ICMP packets. So the web-server doesn't realize you never got the packet.

Fragmentation of packets is not allowed in IPv6, everyone is required to (correctly) allow ICMP mtu discovery packets.

Linux – How to configure a large mtu (linux)

What you are seeing are most likely not jumbo frames. Something like 99.9% of the Internet runs on a 1500 byte and lower MTU after all. It is probably just your kernel or network card doing coalescing of packets.

It does this using a feature usually called Generic Recieve Offload (GRO) or Large Receieve Offload (LRO). The way this works is that packets within a single flow gets identified and merged, then fed to the TCP/IP stack. This can save an significant amount of CPU cycles as it reduces the amount of round trips into the stack.

Try this: ethtool -K $INTERFACE gro off

Which turns off this feature and makes wireshark happier (though not your CPU)

You could still use higher MTU's locally, but it doesnt buy you very much anymore precisely due to features like this and of course ever faster hardware. Also it can be a management nightmare. There are lots of buggy drivers and hardware, and varying degree of support setting MTU through DHCP or RA in operating systems. As you want all devices in a given broadcast domain to be running the same MTU this often makes jumbo frames impractical.

The Router Can Fix It

DHCP server's did what it's supposed to do

It must know what it's doing

If not PathMTU, then what?

Bonus Reading

Best Answer

Related Solutions

Windows – How to tell what MTU is being used in Windows XP

Windows 7, Windows Vista

Windows XP

See also

Linux – How to configure a large mtu (linux)

Related Question