Menu
Amazon Elastic Compute Cloud
User Guide for Windows Instances

Network Maximum Transmission Unit (MTU) for Your EC2 Instance

The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the largest permissible packet that can be passed over the connection. The larger the MTU of a connection, the more data that can be passed in a single packet. Ethernet packets consist of the frame, or the actual data you are sending, and the network overhead information that surrounds it.

Ethernet frames can come in different formats, and the most common format is the standard Ethernet v2 frame format. It supports 1500 MTU, which is the largest Ethernet packet size supported over most of the Internet. The maximum supported MTU for an instance depends on its instance type. All Amazon EC2 instance types support 1500 MTU, and many current instance sizes support 9001 MTU, or jumbo frames.

Jumbo Frames (9001 MTU)

Jumbo frames allow more than 1500 bytes of data by increasing the payload size per packet, and thus increasing the percentage of the packet that is not packet overhead. Fewer packets are needed to send the same amount of usable data. However, outside of a given AWS region (EC2-Classic), a single VPC, or a VPC peering connection, you will experience a maximum path of 1500 MTU. VPN connections and traffic sent over an Internet gateway are limited to 1500 MTU. If packets are over 1500 bytes, they are fragmented, or they are dropped if the Don't Fragment flag is set in the IP header.

Jumbo frames should be used with caution for Internet-bound traffic or any traffic that leaves a VPC. Packets are fragmented by intermediate systems, which slows down this traffic. To use jumbo frames inside a VPC and not slow traffic that's bound for outside the VPC, you can configure the MTU size by route, or use multiple elastic network interfaces with different MTU sizes and different routes.

For instances that are collocated inside a placement group, jumbo frames help to achieve the maximum network throughput possible, and they are recommended in this case. For more information, see Placement Groups.

The following instances support jumbo frames:

  • Compute optimized: C3, C4, CC2

  • General purpose: M3, M4, T2

  • Accelerated computing: CG1, F1, G2, G3, P2

  • Memory optimized: CR1, R3, R4, X1

  • Storage optimized: D2, HI1, HS1, I2, I3

Path MTU Discovery

Path MTU Discovery is used to determine the path MTU between two devices. The path MTU is the maximum packet size that's supported on the path between the originating host and the receiving host. If a host sends a packet that's larger than the MTU of the receiving host or that's larger than the MTU of a device along the path, the receiving host or device returns the following ICMP message: Destination Unreachable: Fragmentation Needed and Don't Fragment was Set (Type 3, Code 4). This instructs the original host to adjust the MTU until the packet can be transmitted.

By default, security groups do not allow any inbound ICMP traffic. To ensure that your instance can receive this message and the packet does not get dropped, you must add a Custom ICMP Rule with the Destination Unreachable protocol to the inbound security group rules for your instance. For more information, see Path MTU Discovery.

Important

Modifying your instance's security group to allow path MTU discovery does not guarantee that jumbo frames will not be dropped by some routers. An Internet gateway in your VPC will forward packets up to 1500 bytes only. 1500 MTU packets are recommended for Internet traffic.

Check the Path MTU Between Two Hosts

You can check the path MTU between two hosts using the mturoute.exe command, which you can download and install from http://www.elifulkerson.com/projects/mturoute.php.

To check path MTU with mturoute.exe

  1. Download mturoute.exe from http://www.elifulkerson.com/projects/mturoute.php.

  2. Open a command prompt window and change to the directory where you downloaded mturoute.exe.

  3. Use the following command to check the path MTU between your Amazon EC2 instance and another host. You can use a DNS name or an IP address as the destination; this example checks the path MTU between an EC2 instance and www.elifulkerson.com.

    Copy
    .\mturoute.exe www.elifulkerson.com * ICMP Fragmentation is not permitted. * * Speed optimization is enabled. * * Maximum payload is 10000 bytes. * + ICMP payload of 1472 bytes succeeded. - ICMP payload of 1473 bytes is too big. Path MTU: 1500 bytes.

    In this example, the path MTU is 1500.

Check and Set the MTU on your Amazon EC2 Instance

Some instances are configured to use jumbo frames, and others are configured to use standard frame sizes. You may want to use jumbo frames for network traffic within your VPC or you may want to use standard frames for Internet traffic. Whatever your use case, we recommend verifying that your instance will behave the way you expect it to. You can use the procedures in this section to check your network interface's MTU setting and modify it if needed.

To check the MTU setting on a Windows instance

You can check the current MTU value using the following netsh command. In the output, look for an entry titled "Ethernet," "Ethernet 2," or "Local Area Connection." Note that in the example output, 9001 indicates that this instance uses jumbo frames.

Copy
netsh interface ipv4 show subinterface MTU MediaSenseState Bytes In Bytes Out Interface ------ --------------- --------- --------- ------------- 9001 1 317337 692805 Ethernet

To identify the MTU entry on a Windows instance

The MTU entry for the adapter is either MTU (Elastic Network Adapter) or *JumboPacket (Intel 82599 VF interface). To verify which entry to use with this instance, use the following Get-NetAdapterAdvanceProperty command. Note that in the example output, the entry is MTU.

Copy
Get-NetAdapterAdvancedProperty -Name "Ethernet" Name DisplayName DisplayValue RegistryKeyword RegistryValue ---- ----------- ------------ --------------- ------------- Ethernet MTU 9001 MTU {9001}

To set the MTU value on a Windows instance

  1. Confirm the type of network driver for your instance. The network driver for your instance determines whether you can update the MTU value. For more information, see Paravirtual Drivers for Windows Server Instances.

  2. If your instance uses an AWS PV network driver, the MTU value is 9000 and you can't update it. If your instance uses a Citrix PV, Intel, or ENA network driver, continue with this procedure.

  3. Ensure that your drivers are up to date. For more information, see Upgrading PV Drivers on Your Windows Instances.

  4. Use the netsh interface command to set the MTU value. Replace Ethernet with the value of the Interface column from the output of netsh when you checked the current MTU value.

    Copy
    netsh interface ipv4 set subinterface "Ethernet" mtu=1500 store=persistent

    Citrix PV drivers interpret MTU to mean max frame size, so you must subtract 18 to set the correct value. The following example sets a value of 1500 MTU by specifying 1482. Alternatively, you could set a value of 9001 by specifying 8983.

    Copy
    netsh interface ipv4 set subinterface "Ethernet" mtu=1482 store=persistent
  5. To finish setting the MTU to 9001, use the Set-NetAdapterAdvancedProperty command. This command is not necessary when setting the MTU to 1500. For the -RegistryKeyword option, use the MTU entry that you identified for your adapter, MTU or *JumboPacket.

    Copy
    Set-NetAdapterAdvancedProperty -Name "Ethernet" -RegistryKeyword "MTU" -RegistryValue 9001
  6. Reboot your instance and verify that the MTU setting is correct.

Troubleshooting

If you experience connectivity issues between your EC2 instance and an Amazon Redshift cluster when using jumbo frames, see Queries Appear to Hang in the Amazon Redshift Cluster Management Guide