Setting the MTU in an MPLS Network
If juggling MTU and MSS weren’t tricky enough, there’s potential for it to get even more confusing when the MPLS MTU is added into the picture.
How MPLS Affects Frame Size
MPLS changes the way traffic is forwarded by adding labels to packets. Each label is four bytes long, and you may have a stack of several labels.
The labels are added between the Ethernet header and the IP header. The result is that the IP packet size does not change, but the Ethernet frame size does.
Think of a simple L3VPN network, where the MTU is set to 1500 bytes on all interfaces.
Adding two labels, of four bytes each, means that the packet with labels is 1508 bytes. This is the MPLS MTU.
The Ethernet standard says that a frame can be as large as 1518 bytes. 18 of those will be Ethernet headers, leaving 1500 bytes as the IP MTU.
So, if we have a 1500 byte packet, two labels, and Ethernet headers, the frame size is now 1526 bytes.
This is just over the 1518 byte limit, so it’s called a Baby Giant. Strictly speaking, the Ethernet standard says that this should be dropped, as it’s too large. However, most modern routers and switches turn a blind eye and allow Baby Giants.
Any frame over 1518 and less than 1600 bytes is a Baby Giant. Anything over 1600 bytes is a Jumbo Frame.
Do I Need to Change Anything?
Generally, you can leave this alone. Configuring MPLS on regular interfaces will not cause a problem.
Where we do run into problems, is when we use tunnels and IPSec. They add even more headers, which grows the frame even further.
Enabling jumbo frames may help when using tunnels and encryption. They allow frames to grow to around 9000 bytes
As an example, let’s say that we have a tunnel with IPSec encryption. The MTU is set to 1400 bytes, and the MSS is adjusted to 1360.
If you add MPLS with two labels, you would adjust the MPLS MTU to 1408. On a Cisco router, you could do this with:
mpls mtu 1408
What if Baby Giants are not Supported?
It is possible that your LSR, or another device in the path, does not support baby giants. This would mean that the frame size cannot go over 1518 bytes. So what do you do now?
To account for this, the MPLS MTU (that is, the maximum size for the packet plus the MPLS labels) can be lowered to 1500 bytes, preventing it from going over the limit.
That means your maximum IP MTU, and MSS if you’re adjusting it, will also need to be lowered.
What if We Set the MPLS MTU Too Low?
Imagine that your IP MTU is set to 1400, the MSS is adjusted to 1360, and then you set the MPLS MTU to 1300.
What effect would that have? You may see a problem with TCP traffic.
Hosts on both ends of the path will advertise their MSS values during the three-way handshake. The MSS is adjusted, bringing it down 1360 bytes.
One of the hosts sends a large packet to the other host. The LSR receives the packet, and needs to insert the MPLS tags.
The MPLS IP is set to 1300 bytes, so the LSR decides that this packet needs to be fragmented before the tags are added.
Now you have fragmentation. This can cause performance issues. This can also cause traffic to drop if the DF bit is set.
Cisco – MPLS FAQ for Beginners
Network World – Understanding CEF in an MPLS VPN Environment
Cisco Press – MPLS Fundamentals: Forwarding Labeled Packets