Black Box ET1000A Appliance Trim Kit User Manual


 
ETEP Configuration
326 EncrypTight User Guide
Path Maximum Transmission Unit
The PMTU specifies the maximum payload size of a packet that can be transmitted by the ETEP. The
PMTU value excludes the Ethernet header, which is 14-18 bytes long, and the CRC. The PMTU setting
applies to the local and remote ports, as shown in Table 99. On the management port the PMTU is hard-
coded to 1400 bytes.
Before sending a packet from its remote or local port the ETEP compares the packet payload size to the
configured PMTU. Depending on payload size and appliance configuration the ETEP either discards the
packet, transmits the packet, or fragments the packet before transmitting, as described in Table 100.
Fragmentation resolves the problem of encryption overhead, which consists of the extra bytes that are
added to the packet as a result of security encapsulation. For example, a packet with a payload size of
1500 bytes may pass through the network without being discarded. But after encapsulation, the payload
size increases by 37-52 bytes. The resulting larger packet may be rejected by some equipment located in
the network between the two peer appliances. When the packet is fragmented, the separate fragments are not
rejected by the network.
The ETEP can be configured to perform pre-encryption or post-encryption fragmentation when it is
operating as a Layer 3 encryptor. This feature is called Reassembly mode, and it is defined on the
Interfaces tab in the Appliance editor. Reassembly mode cannot be configured when the Encryption
Policy Setting is set to Layer 2:Ethernet. At Layer 2, packets that are subject to fragmentation are
encrypted prior to fragmentation. Jumbo packets that exceed the PMTU are discarded.
When the ETEP is configured as a Layer 3 encryptor, the ETEP discards packets that exceed the PMTU
size and have the DF (do not fragment) bit set in the IP header. You can override the DF bit in the IP
header using the Ignore DF Bit setting on the local port.
Related topics:
“Ignore DF Bit” on page 310
Table 99 Valid PMTU ranges on ETEP appliances

| Appliance model | Layer 2 PMTU range | Layer 3 PMTU range | Default |
|---|---|---|---|
| ET0010A | 800-1500 bytes | 576-1500 bytes | 1500 |
| ET0100A / ET1000A | 800-9300 bytes | 576-9300 bytes | 1500 |

Table 100 PMTU and fragmentation behavior on the ETEP

| Packet Payload Size | Layer 2 ETEP | Layer 3 ETEP |
|---|---|---|
| Less than or equal to PMTU | Passes the packet | Passes the packet |
| Exceeds PMTU | When operating in non-jumbo mode (PMTU 1500), the ETEP fragments packets that exceed the PMTU. When operating in jumbo mode (PMTU 1501-9300), the ETEP discards packets that exceed the PMTU. | Fragments the packet if the payload exceeds the PMTU by less than 100 bytes, to allow for encapsulation overhead. Discards the packet under the following circumstances: - The payload exceeds the PMTU by more than 100 bytes - The DF bit is set in the IP header. |
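
The decision rules in Table 100, checked against the ranges in Table 99, written out as an added Python example; it is not part of the EncrypTight product or of the original manual. The function and constant names are hypothetical, and two readings are assumptions: non-jumbo mode is taken to mean a PMTU of 1500 or less, and an excess of exactly 100 bytes (which Table 100 does not cover) is treated as a discard.

```python
from enum import Enum


class Action(Enum):
    PASS = "pass"
    FRAGMENT = "fragment"
    DISCARD = "discard"


# Table 99: valid PMTU ranges in bytes, keyed by model and encryption layer.
PMTU_RANGES = {
    "ET0010A": {2: (800, 1500), 3: (576, 1500)},
    "ET0100A": {2: (800, 9300), 3: (576, 9300)},
    "ET1000A": {2: (800, 9300), 3: (576, 9300)},
}
L3_FRAGMENT_MARGIN = 100  # bytes over the PMTU that a Layer 3 ETEP still fragments


def pmtu_action(layer, model, pmtu, payload, df_bit=False, ignore_df=False):
    """Predict what the ETEP does with a packet, following Table 100."""
    low, high = PMTU_RANGES[model][layer]
    if not low <= pmtu <= high:
        raise ValueError(f"PMTU {pmtu} outside {low}-{high} for {model} at Layer {layer}")
    if payload <= pmtu:
        return Action.PASS
    if layer == 2:
        # Assumption: non-jumbo mode is a PMTU of 1500 or less; jumbo mode
        # (1501-9300) discards oversize packets instead of fragmenting them.
        return Action.FRAGMENT if pmtu <= 1500 else Action.DISCARD
    # Layer 3: the DF bit forces a discard unless Ignore DF Bit is enabled
    # on the local port.
    if df_bit and not ignore_df:
        return Action.DISCARD
    # Assumption: an excess of exactly 100 bytes is discarded; Table 100
    # only states "less than" and "more than" 100 bytes.
    excess = payload - pmtu
    return Action.FRAGMENT if excess < L3_FRAGMENT_MARGIN else Action.DISCARD
```

Running the function over the packet sizes and DF settings seen on a link shows which traffic the appliance will drop before a PMTU or Ignore DF Bit change is applied.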