Network maximum transmission unit (MTU) for your EC2 instance – Amazon Elastic Compute Cloud
Network maximum transmission unit (MTU) for your EC2 instance
The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the
largest permissible packet that can be passed over the connection. The larger the MTU of a
connection, the more data that can be passed in a single packet. Ethernet frames consist of
the packet, or the actual data you are sending, and the network overhead information that
surrounds it.
Ethernet frames can come in different formats, and the most common format is the standard
Ethernet v2 frame format. It supports 1500 MTU, which is the largest Ethernet packet size
supported over most of the internet. The maximum supported MTU for an instance depends on
its instance type.
The following rules apply to instances that are in Wavelength Zones:
- Traffic that goes from one instance to another within a VPC in the same Wavelength Zone has an MTU of 1300.
- Traffic that goes from one instance to another that uses the carrier IP within a Wavelength Zone has an MTU of 1500.
- Traffic that goes from one instance to another between a Wavelength Zone and the Region that uses a public IP address has an MTU of 1500.
- Traffic that goes from one instance to another between a Wavelength Zone and the Region that uses a private IP address has an MTU of 1300.
To see Network MTU information for Windows instances, switch to this page
in the Amazon EC2 User Guide for Windows Instances guide:
Network maximum transmission unit (MTU) for your EC2 instance.
Jumbo frames (9001 MTU)
Jumbo frames allow more than 1500 bytes of data by increasing the payload size per
packet, and thus increasing the percentage of the packet that is not packet overhead.
Fewer packets are needed to send the same amount of usable data. However, traffic is
limited to a maximum MTU of 1500 in the following cases:
- Traffic over an internet gateway
- Traffic over an inter-region VPC peering connection
- Traffic over VPN connections
- Traffic outside of a given AWS Region for EC2-Classic
If packets are over 1500 bytes, they are fragmented, or they are dropped if the
Don't Fragment flag is set in the IP header.
Jumbo frames should be used with caution for internet-bound traffic or any traffic
that leaves a VPC. Packets are fragmented by intermediate systems, which slows down this
traffic. To use jumbo frames inside a VPC and not slow traffic that’s bound for outside
the VPC, you can configure the MTU size by route, or use multiple elastic network
interfaces with different MTU sizes and different routes.
For instances that are collocated inside a cluster placement group, jumbo frames help to
achieve the maximum network throughput possible, and they are recommended in this case.
For more information, see Placement groups.
You can use jumbo frames for traffic between your VPCs and your on-premises networks
over AWS Direct Connect. For more information, and for how to verify Jumbo Frame capability, see
Setting Network MTU in the AWS Direct Connect User Guide.
All Amazon EC2 instance types support 1500 MTU and all current generation
instance types support jumbo frames. The following previous generation instance types support jumbo frames: A1, C3, G2, I2, M3, and R3.
For more information about supported MTU sizes for transit gateways, see MTU in
Amazon VPC Transit Gateways.
Path MTU Discovery
Path MTU Discovery (PMTUD) is used to determine the path MTU between two devices. The
path MTU is the maximum packet size that’s supported on the path between the originating
host and the receiving host. When there is a difference in the MTU size in the network
between two hosts, PMTUD enables the receiving host to respond to the originating host
with an ICMP message. This ICMP message instructs the originating host to use the lowest
MTU size along the network path and to resend the request. Without this negotiation,
packet drop can occur because the request is too large for the receiving host to accept.
For IPv4, when a host sends a packet that’s larger than the MTU of the receiving host
or that’s larger than the MTU of a device along the path, the receiving host or device
drops the packet, and then returns the following ICMP message: Destination
Unreachable: Fragmentation Needed and Don't Fragment was Set (Type 3, Code 4).
This instructs the transmitting host to split the payload into multiple smaller
packets, and then retransmit them.
The IPv6 protocol does not support fragmentation in the network. When a host sends a
packet that’s larger than the MTU of the receiving host or that’s larger than the MTU of
a device along the path, the receiving host or device drops the packet, and then returns
the following ICMP message: ICMPv6 Packet Too Big (PTB) (Type 2). This
instructs the transmitting host to split the payload into multiple smaller packets, and
then retransmit them.
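Both PMTUD messages described above have a fixed header layout, so they can be recognised and decoded from a packet capture. The following Python code is an added example, not part of the AWS documentation; the function names and the sample packet (a 9001-byte packet from 172.31.16.10 to 203.0.113.7) are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes):
    """Decode an ICMPv4 Type 3 Code 4 message; return None for anything else."""
    if len(icmp) < 28 or (icmp[0], icmp[1]) != (3, 4):
        return None                        # too short, or not Fragmentation Needed
    if inet_checksum(icmp) != 0:
        return None                        # checksum over the whole message must verify
    next_hop_mtu = struct.unpack("!H", icmp[6:8])[0]     # RFC 1191 field
    # The sender quotes the IP header of the packet it dropped, starting at byte 8.
    total_len, _ident, flags_frag = struct.unpack("!HHH", icmp[10:16])
    return {
        "next_hop_mtu": next_hop_mtu,      # 0 means the sender predates RFC 1191
        "dropped_len": total_len,
        "df_set": bool(flags_frag & 0x4000),
        "dropped_dst": str(IPv4Address(icmp[24:28])),
    }

def parse_packet_too_big(icmp6: bytes):
    """Decode an ICMPv6 Type 2 message; the MTU is a 32-bit field at bytes 4..7."""
    if len(icmp6) < 8 or icmp6[0] != 2:
        return None
    # The ICMPv6 checksum covers an IPv6 pseudo-header, so it is not checked here.
    return struct.unpack("!I", icmp6[4:8])[0]

def build_sample(mtu=1500, dropped_len=9001):
    """Constructed sample: a hop reports that a 9001-byte DF packet needs MTU 1500."""
    quoted = struct.pack("!BBHHHBBH4s4s", 0x45, 0, dropped_len, 0x1234, 0x4000, 64, 6, 0,
                         IPv4Address("172.31.16.10").packed,
                         IPv4Address("203.0.113.7").packed)
    quoted += bytes(8)                     # first 8 bytes of the dropped payload
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_frag_needed(build_sample()))
    print(parse_packet_too_big(struct.pack("!BBHI", 2, 0, 0, 1500)))
```
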
By default, security groups do not allow any inbound ICMP traffic. If you don’t
explicitly configure an ICMP inbound rule for your security group, PMTUD is blocked. For
more information about configuring ICMP rules in a network ACL, see Path MTU
Discovery in the Amazon VPC User Guide.
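One way to audit for the condition described above is to scan the inbound rules of each security group for the two PMTUD message types. This Python code is an added example, not AWS code; it assumes input in the shape returned by aws ec2 describe-security-groups, where ICMP rules carry the type in FromPort and the code in ToPort, and the group IDs and rules in SAMPLE are constructed.

```python
# (protocol names or numbers, ICMP type, ICMP code) for the two PMTUD messages
PMTUD = {
    "ipv4": ({"icmp", "1"}, 3, 4),       # Fragmentation Needed and Don't Fragment was Set
    "ipv6": ({"icmpv6", "58"}, 2, 0),    # Packet Too Big
}

def pmtud_sources(group: dict, family: str) -> list:
    """CIDRs from which the group accepts the PMTUD message for `family`."""
    protos, icmp_type, icmp_code = PMTUD[family]
    key, field = ("IpRanges", "CidrIp") if family == "ipv4" else ("Ipv6Ranges", "CidrIpv6")
    cidrs = []
    for perm in group.get("IpPermissions", []):
        proto = perm["IpProtocol"]
        if proto != "-1":                # "-1" means all protocols
            if proto not in protos:
                continue
            # For ICMP rules, FromPort is the type and ToPort the code; -1 means "all".
            if perm.get("FromPort", -1) not in (-1, icmp_type):
                continue
            if perm.get("ToPort", -1) not in (-1, icmp_code):
                continue
        # Only CIDR sources count: the messages come from hops on the path,
        # which are not members of any security group.
        cidrs += [r[field] for r in perm.get(key, [])]
    return cidrs

def audit(groups: list) -> dict:
    """Map group id -> address families with no inbound rule admitting PMTUD."""
    return {g["GroupId"]: [f for f in PMTUD if not pmtud_sources(g, f)] for g in groups}

# Constructed sample in the shape of describe-security-groups output.
SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-ping", "IpPermissions": [     # echo request only: not enough for PMTUD
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": 3, "ToPort": 4,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmpv6", "FromPort": 2, "ToPort": 0,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for group_id, missing in audit(SAMPLE).items():
        print(group_id, "missing PMTUD rule for:", missing or "none")
```
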
Important
Path MTU Discovery does not guarantee that jumbo frames will not be dropped by
some routers. An internet gateway in your VPC will forward packets up to 1500 bytes
only. 1500 MTU packets are recommended for internet traffic.
Check the path MTU between two hosts
You can check the path MTU between two hosts using the tracepath command, which is
part of the iputils package that is available by default on many
Linux distributions, including Amazon Linux.
To check path MTU using tracepath
Use the following command to check the path MTU between your EC2 instance
and another host. You can use a DNS name or an IP address as the destination.
If the destination is another EC2 instance, verify that the security group allows
inbound UDP traffic. This example checks the path MTU between an EC2 instance and
amazon.com.
[ec2-user ~]$ tracepath amazon.com
1?: [LOCALHOST] pmtu 9001
1: ip-172-31-16-1.us-west-1.compute.internal (172.31.16.1) 0.187ms pmtu 1500
1: no reply
2: no reply
3: no reply
4: 100.64.16.241 (100.64.16.241) 0.574ms
5: 72.21.222.221 (72.21.222.221) 84.447ms asymm 21
6: 205.251.229.97 (205.251.229.97) 79.970ms asymm 19
7: 72.21.222.194 (72.21.222.194) 96.546ms asymm 16
8: 72.21.222.239 (72.21.222.239) 79.244ms asymm 15
9: 205.251.225.73 (205.251.225.73) 91.867ms asymm 16
...
31: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500
In this example, the path MTU is 1500.
Check and set the MTU on your Linux instance
Some instances are configured to use jumbo frames, and others are configured to use
standard frame sizes. You may want to use jumbo frames for network traffic within your
VPC or you may want to use standard frames for internet traffic. Whatever your use case,
we recommend verifying that your instance will behave the way you expect it to. You can
use the procedures in this section to check your network interface’s MTU setting and
modify it if needed.
To check the MTU setting on a Linux instance
You can check the current MTU value using the following ip command. Note that
in the example output, mtu 9001 indicates that this instance uses jumbo frames.
[ec2-user ~]$ ip link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 02:90:c0:b7:9e:d1 brd ff:ff:ff:ff:ff:ff
To set the MTU value on a Linux instance
- You can set the MTU value using the ip command. The following command sets the desired MTU value to 1500, but you could use 9001 instead.
  [ec2-user ~]$ sudo ip link set dev eth0 mtu 1500
- (Optional) To persist your network MTU setting after a reboot, modify the following configuration files, based on your operating system type.
  - For Amazon Linux 2, add the following line to the /etc/sysconfig/network-scripts/ifcfg-eth0 file:
    MTU=1500
    Add the following line to the /etc/dhcp/dhclient.conf file:
    request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-search, domain-name-servers, host-name, nis-domain, nis-servers, ntp-servers;
  - For Amazon Linux, add the following lines to your /etc/dhcp/dhclient-eth0.conf file.
    interface "eth0" {
    supersede interface-mtu 1500;
    }
  - For other Linux distributions, consult their specific documentation.
- (Optional) Reboot your instance and verify that the MTU setting is correct.
Troubleshoot
If you experience connectivity issues between your EC2 instance and an Amazon Redshift cluster
when using jumbo frames, see Queries Appear to Hang in the Amazon Redshift Management Guide.