pf and different MTUs

Michael E.Conlen meconlen at obfuscated.net
Fri Jan 28 13:51:09 PST 2005


On Jan 28, 2005, at 4:36 PM, Chuck Swiger wrote:

> Michael E.Conlen wrote:
>> I'm using FreeBSD and PF as a firewall between two networks. I want 
>> to change the MTU on one network to 9k but I have to leave the MTU on 
>> the other network at 1500 bytes. Will the system handle the 
>> fragmenting for me going from the larger MTU to the smaller?
>
> Sure.  However, if you have a lot of traffic using jumbo frames going 
> over that 1500 MTU segment, you might be better off using an MTU of 
> 1500 everywhere.
>

At least half the traffic I use now doesn't go over that link and would 
benefit from the larger MTU. In addition I'm constrained on resources 
for those servers, whereas I can add additional firewalls without great 
expense. On the other side there is a good bit of traffic going over 
those links that would use jumbo frames but not all of it would. In 
addition the cost of using two separate networks for the traffic would 
be more than adding two more firewalls (based on the cost of doubling 
the number of ports) so I'm figuring this is the way to go.

Thanks.


