I cant work out how everyone else managed to get mtu of 1500 working on pppoe

Started by allebone, November 23, 2021, 02:10:18 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
November 23, 2021, 02:10:18 PM
Hi,

Im with an ISP that allows the MTU of 1492 to be brought up to 1500 on a pppoe connection. Its not clear to me how everyone else achieved this. I have read several topics on the forum and tried the suggestions but I cant seem to get it to work on OPNsense 21.7.5-amd64.

I had a pppoe connection on top of em0 interface working on MTU of 1492 and started by setting the MTU to 1508 there which then states "calculated MTU 1500"

This had no effect so I read other posts that said you needed to make a dummy interface of em0 and simply enable it and set an mtu of 1508 there which I also did.

This also had no effect even after rebooting. The pppoe dials and ends up with an mtu of 1492 at the end. What is the method people use to force an mtu as I am clearly missing a step?

Kind regards
P
November 23, 2021, 05:53:34 PM #1
Maybe this image would clear it up a bit...

November 23, 2021, 06:42:18 PM #2 Last Edit: November 23, 2021, 07:20:27 PM by johndchch
Quote from: allebone on November 23, 2021, 02:10:18 PM
I had a pppoe connection on top of em0 interface working on MTU of 1492 and started by setting the MTU to 1508 there which then states "calculated MTU 1500"

that really is all that is needed - here's what ifconfig shows for me - it works


vmx1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1508
        options=800028<VLAN_MTU,JUMBO_MTU>
        ether 00:0c:29:44:42:53
        inet6 fe80::20c:29ff:fe44:4253%vmx1 prefixlen 64 scopeid 0x2
        media: Ethernet autoselect
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
...
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet xxx.xxx.xxx.xx --> xxx.xxx.xx.x netmask 0xffffffff
        inet6 xxxx::xxx:xxxx:xxxx:xxxx%pppoe0 prefixlen 64 scopeid 0x7
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

and from window I can confirm the mtu really is 1500

ping -f -l 1472 www.google.com

Pinging www.google.com [142.250.71.68] with 1472 bytes of data:
Reply from 142.250.71.68: bytes=68 (sent 1472) time=42ms TTL=117
Reply from 142.250.71.68: bytes=68 (sent 1472) time=41ms TTL=117

November 23, 2021, 09:47:33 PM #3 Last Edit: November 23, 2021, 09:49:05 PM by allebone
Thank you both for your replies. Unfortunately when I do ifconfig my MTU is not changed despite setting it. I dont know why this is:

pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492

I have checked and rebooted multiple times and for sure edited the MTU on the dummy interface and the pppoe connection in addition. There must be something different but I cant work it out.
November 24, 2021, 06:45:39 PM #4
Quote from: allebone on November 23, 2021, 09:47:33 PM
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492

I have checked and rebooted multiple times and for sure edited the MTU on the dummy interface and the pppoe connection in addition. There must be something different but I cant work it out.

what's the MTU shown on the parent ethernet device the pppoe device is attached to - and what hardware is that interface running on? It is possible the actual ethernet device won't allow mtu >1500
November 24, 2021, 08:14:33 PM #5
I see... I did set the parent interface to 1508 but I had not considered/didnt know the hardware would make a difference. I am using a protectli box so the nics are intel gigabit nics. If that doesnt support this then that would make sense I cant get it to work.
November 25, 2021, 08:29:23 AM #6
Quote from: allebone on November 24, 2021, 08:14:33 PM
I see... I did set the parent interface to 1508 but I had not considered/didnt know the hardware would make a difference. I am using a protectli box so the nics are intel gigabit nics. If that doesnt support this then that would make sense I cant get it to work.

Intel NICs definitely can do mini jumbo frames - before I virtualised I ran bare metal and used mini jumbos on an i210, worked fine
November 25, 2021, 08:55:02 AM #7
Don't know if it helps you but my PPPoE connection only started working when I applied mss clamping.

So setting my MTU on the physical interface to 1508, so the PPPoE tunnel gets an MTU of 1500 (according to RFC 4638) and applying MSS clamping 1448 made everything work great. Dropped CPU load as well.

November 25, 2021, 10:35:05 AM #8
You should take care that the actual L2 supports that MTU as well or else the packets will get silently dropped somewhere.
November 25, 2021, 05:27:44 PM #9
Quote from: joeyboon on November 25, 2021, 08:55:02 AM
Don't know if it helps you but my PPPoE connection only started working when I applied mss clamping.

So setting my MTU on the physical interface to 1508, so the PPPoE tunnel gets an MTU of 1500 (according to RFC 4638) and applying MSS clamping 1448 made everything work great. Dropped CPU load as well.

MSS of 1448 implies a MTU of 1488 - so you've basically overriden your MTU and actually gone even smaller than the default PPPoE mtu of 1492
November 25, 2021, 08:33:16 PM #10
Im at a loss why it doesnt work then. I have a switch that should allow it, and set all the options as others did but simply doesnt work :(
November 25, 2021, 09:21:48 PM #11
switch shouldn't matter as it's on the LAN side - I'm presuming you have a direct connection from your opnsense WAN nic to whatever terminates your ISP connection ( ONT / docsis modem etc )?

have you got a MTU of 1508 to work with this ISP and any other equipment previously? It could be that they're rejecting the larger MTU (PPP-max-payload) during pppoe mtu negotiation
November 26, 2021, 05:06:45 AM #12
No actually I dont have that setup. I have a normal RJ45 connection going from the wan port of the firewall to the switch which the switch vlan tags and then an SFP module in a different port on the same switch which is also on that same vlan as the connection is fiber and I cant plug that directly into the firewall as there are no ports to accommodate it. As far as I know everyone else on Bell Fibe has it working or at least they claim to have it working on the posts I have read at 1500 MTU.
November 28, 2021, 09:30:43 AM #13
Quote from: allebone on November 26, 2021, 05:06:45 AM
I have a normal RJ45 connection going from the wan port of the firewall to the switch which the switch vlan tags and then an SFP module in a different port on the same switch which is also on that same vlan as the connection is fiber and I cant plug that directly into the firewall as there are no ports to accommodate it..

that should work fine - I'm running vlan trunking between two 10gbe switches to get the ISP feed from the GPON ONT in my garage thru to where the firewall actually sits.

You have checked you've got jumbo frames enabled on the switch if the switch has an option for it ( though a lot of switxhes nowdays just accept anything up to 9K frames and don't have an option to enable/disable jumbo support )
November 29, 2021, 03:22:54 AM #14
No worries thanks for trying to help anyway. Yes its a unifi switch and has an option... I will sit on this problem for a while and if I notice anything will post back but as there is no immediate answer will require me to do some digging around on my own to try make progress...
Print
Go Up Pages1 2
User actions