Background: When packets are transported they are cut into manageable chunks because routers and switches have only a limited amount of RAM. Normally each chunk is 1500 bytes, but when packets are encapsulated in PPPoE or a VPN, a header is added to the packet, which takes up a few bytes. Now the packet is 1515 bytes and needs to be chopped into 2 chunks: the first is 1500 bytes and the second is only 15 bytes. It now takes twice as many packets to send the same amount of data. The largest ping payload that fits in a single 1500-byte packet is 1472 bytes:
1500 bytes (Ethernet MTU) - 20 bytes (IP header) - 8 bytes (ICMP header) = 1472 bytes
Why is this a problem? Performance is the obvious answer, but some older equipment will also flag the smaller packets as "runts" and discard them.
How to fix? INTERNALLY we can make the MTU size as large as 9000 bytes as long as all of your network equipment supports that, but EXTERNALLY we can only expect internet gear to support 1500 bytes. We need to decrease the MTU slightly, so the final packet size is under 1500 when the encapsulating header gets added.
How to test? externally
Internally we can use the ping command and the -f "do not fragment" flag:
ping google.com -f -l 1472
Gradually increase the last number until you get the message:
Packet needs to be fragmented but DF set.
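The probing step above can be automated with a binary search instead of changing the size by hand. This is an added example, not part of the original page: the function names are hypothetical, the real probe wraps the same Windows ping flags shown above (plus -n 1 for a single echo), and the simulated probe uses a constructed path MTU of 1492 (Ethernet minus an 8-byte PPPoE header) so the script runs offline.

```python
import subprocess

IP_HEADER = 20    # bytes, IPv4 header without options
ICMP_HEADER = 8   # bytes, ICMP echo header

def windows_ping_probe(host):
    """Return probe(size) that sends one ping with DF set (Windows ping flags)."""
    def probe(size):
        out = subprocess.run(
            ["ping", host, "-f", "-l", str(size), "-n", "1"],
            capture_output=True, text=True).stdout
        # Only a real echo reply prints a TTL; the DF error message does not.
        return "TTL=" in out
    return probe

def simulated_probe(path_mtu):
    """Constructed stand-in for a real path: passes if the packet fits path_mtu."""
    return lambda size: size + IP_HEADER + ICMP_HEADER <= path_mtu

def largest_unfragmented_payload(probe, low=0, high=1472):
    """Binary-search the largest ping payload that passes with DF set.
    Returns None if even `low` fails (host down or ICMP filtered)."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2   # round up so the loop always shrinks
        if probe(mid):
            low = mid                 # mid fits, the answer is mid or larger
        else:
            high = mid - 1            # mid would need fragmenting
    return low

def path_mtu_from_payload(payload):
    """Add the IP and ICMP headers back to get the MTU of the path."""
    return payload + IP_HEADER + ICMP_HEADER

if __name__ == "__main__":
    # Swap in windows_ping_probe("google.com") to test a real path.
    probe = simulated_probe(1492)
    payload = largest_unfragmented_payload(probe)
    print("largest payload:", payload, "path MTU:", path_mtu_from_payload(payload))
```

A result of None means no reply came back at any size, which points to a filtered or unreachable host rather than an MTU limit.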