Thursday, June 21, 2007

Check The MTU Setting On Your Computer

If you have connectivity to the Internet in general, but chronic or transient problems, your computer may have an MTU problem.

If you periodically lose connections with some servers, if some web sites load slowly, or if various problems come and go, you may have a problem with the size of the messages that pass between you and the web sites in question.

The Maximum Transmission Unit, aka MTU, is a setting on your computer, that controls the size of the messages.

Depending upon what networks are accessed, between your computer and a given web site, the MTU that you can use will vary.

If you make your MTU exceedingly small, you'll be able to avoid an MTU related problem, but loading a complete web page will take a long time. If you make the MTU too large, you'll see a variety of symptoms.
  • Some web pages may load incompletely.
  • Some web pages will give you a white screen.
  • Some web pages may return the old familiar
    404 Not Found
  • Some web pages may return another old favourite
    The connection has timed out.
    The server at xxxxxxx.blogspot.com is taking too long to respond.


Determining your MTU will be a matter of patience and persistence. I start by verifying that I have connectivity - period. I target the problem web site - in this example, www.yahoo.com. You should target the specific web site that you are having a problem accessing. If you can access "www.blogspot.com", but not "xxxxxx.blogspot.com", target "xxxxxx.blogspot.com".

I use the "ping" command, run in a command window.

C:\>ping www.yahoo.com

Pinging www.yahoo-ht3.akadns.net [209.131.36.158] with 32 bytes of data:

Reply from 209.131.36.158: bytes=32 time=13ms TTL=58
Reply from 209.131.36.158: bytes=32 time=14ms TTL=57
Reply from 209.131.36.158: bytes=32 time=14ms TTL=57
Reply from 209.131.36.158: bytes=32 time=14ms TTL=57

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 14ms, Average = 13ms


OK, that's good. I know that the IP address, in this case, is 209.131.36.158. And I know that www.yahoo.com (in this case www.yahoo-ht3.akadns.net) will respond to me, with 32 bytes of data. But 32 data bytes is way too small.

If I see anything different,

C:\>ping www.yahoo.com

Ping request could not find host www.yahoo.com. Please check the name and try again.


Then, I know that I have a different problem - maybe a DNS problem, or even LSP / Winsock / TCP/IP corruption.

Hoping that I'm seeing the first example above, I'll see what MTU I can use. The maximum that anybody can use is 1500, which includes a 28 byte header. When you ping, you specify the amount of data to ping with, not including the header. The maximum MTU for anybody is 1500, so I start with a data size of 1472.

And I'll ping using the IP address, so I don't involve DNS. I'll deal with DNS problems, separately.

Now, I use the "ping" command, run in a command window, with the options "-f" (lower case of "-F" = "Do not fragment"), and "-l" (lower case of "-L" = "Send buffer (data) of this size").

C:\>ping -f -l 1472 209.131.36.158

Pinging 209.131.36.158 with 1472 bytes of data:

Reply from 209.131.36.158: bytes=1472 time=83ms TTL=58
Reply from 209.131.36.158: bytes=1472 time=84ms TTL=57
Reply from 209.131.36.158: bytes=1472 time=87ms TTL=57
Reply from 209.131.36.158: bytes=1472 time=84ms TTL=57

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 87ms, Average = 84ms


That's a good return, and tells me that I don't have an MTU problem. If I had seen either of two other results

C:\>ping -f -l 1472 209.131.36.158

Pinging 209.131.36.158 with 1472 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


That's a fragmentation error from a router, or a server, telling me that my MTU is too large, and I set it to not fragment.

C:\>ping -f -l 1472 209.131.36.158

Pinging 209.131.36.158 with 1472 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


That could be a normal "This server isn't online" message. But since I did my baseline connectivity test (above) I don't think that this is the case. In this case, a router or server is simply dropping my ping request, as above because my MTU is too large, and I set it to not fragment. This is called a "black hole" router or server.

Some servers will respond, and tell you that you have a problem (giving you a fragmentation error); others will ignore you (giving you a black hole error). With a server farm similar to "xxxxxxx.blogspot.com", you could have some of the first type, and others of the second type. The network that you go through, to reach the server(s) in question can vary, by the second. Your symptoms can vary, from day to day, and from second to second.

If I see either a black hole error (router or server simply dropping my ping), or a fragmentation error (router or server telling me that I have a problem), I know that I have to reduce my MTU. I'll start by reducing it by 20.

C:\>ping -f -l 1452 209.131.36.158

Pinging 209.131.36.158 with 1452 bytes of data:

Reply from 209.131.36.158: bytes=1452 time=83ms TTL=58
Reply from 209.131.36.158: bytes=1452 time=84ms TTL=57
Reply from 209.131.36.158: bytes=1452 time=87ms TTL=57
Reply from 209.131.36.158: bytes=1452 time=84ms TTL=57

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 87ms, Average = 84ms


So 1452 is good, but maybe too small. So now, I'll try making it bigger, in steps of 2.


C:\>ping -f -l 1454 209.131.36.158

Pinging 209.131.36.158 with 1454 bytes of data:

Reply from 209.131.36.158: bytes=1454 time=83ms TTL=58
Reply from 209.131.36.158: bytes=1454 time=84ms TTL=57
Reply from 209.131.36.158: bytes=1454 time=87ms TTL=57
Reply from 209.131.36.158: bytes=1454 time=84ms TTL=57

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 87ms, Average = 84ms


Again, too small. Keep going up by 2.

... (later)

C:\>ping -f -l 1466 209.131.36.158

Pinging 209.131.36.158 with 1466 bytes of data:

Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 209.131.36.158:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


OK, 1466 is too large. Back down by 2 to 1464. Add the 28 byte header, giving me an MTU of 1492. This is a common value for the MTU, for many who can't use 1500.

Do you see the technique used? I found the MTU, by bracketing it. I started from a value too large (1472 data bytes), went down by 20 (to 1452, though I might have gone progressively lower) to a value too small, then up by 2 (to 1466) again too large. Then back down to the largest value where no error was seen (1464, in this case), an even number.

There's nothing magical about the sequence "Down by 20, Up by 2". You can use any sequence that pleases you. Try "Down by 60, Up by 20, Down by 2". Or "Down by 80, Up by 8, Down by 2". It's your computer. The point is to find the largest data size that you can successfully ping the target server with, then add the 28 bytes for the header, giving you the maximum MTU that you can use.

Note that I said "maximum MTU". If you find out that "www.yahoo.com" is accessible with an MTU of 1492, but "www.google.com" isn't, you'll have to repeat the process, from the beginning, using "www.google.com" as the target. Always target the problem web site.

Once you know what MTU to use, if your computer is running Windows 2000 or XP, you can set it using the free tool DrTCP, from DSLReports. Download DrTCP, into any convenient folder, and run it from there. You'll be changing the "MaxMTU" or "MTU" value under Adapter Settings. If you have multiple network adapters, be sure to choose the one that provides the Internet service.

If your computer is running Windows Vista, you can set the MTU by using the "netsh" command. Hopefully, Windows 7 and 8 have a working version of "MTU AutoTuning" - and people with computers running either Windows Edition are not here, looking for advice.

The MTU isn't an efficient tuning factor, but you have to use it. It's part of IP networking, and your access to the Internet.

>> Top

3 comments:

noodle said...

i have never seen such a helpful answer. very user friendly, easy to understand and explained simply simple..... i am impressed!!!! i also am recommending you to my friends. thank you very much.

sincerely,

chevygirl

Alex said...

very useful post but i get stuck at a point 1413, if i put values greater than 1413 it shows 'packet needs to be fragmented' but if i put any value less than 1413,it shows'Request timed out' ..Help

Chuck Croll said...

Alex,

It sounds like you have 2 problems.

First, set your MTU to 1440 (1412 + 28). Get the fragmentation issue sorted.

Then, figure out why you are getting "Request timed out". What host name - mapped to what IP address - are you targeting?

Also, what is your original symptom?