Black-hole hop detected - MTU conflicts possible

A device in the path is unable to properly participate in MTU negotiation. The typical symptom is a slow-running network in one direction only.

Recommended action

  • Use consistent MTU values on all devices within any given subnet.
  • Use routers, not Layer 2 switches or bridges, to connect devices of different MTUs.
  • Upgrade VPN devices that introduce black holes.
  • Avoid reducing end-station MTUs to compensate for misconfigured networks.
  • Review test results from a full path test, i.e. a test to all hops, to determine the origin of the MTU bottleneck and black hole.

Detailed explanation

There are several specifications for MTU negotiation, many of which are not implemented. However, most applications follow RFC 1191, which requires that all IP packets have their "DF" (Don't Fragment) bits set to "on". When a packet is too big to be forwarded by a router, but the DF bit is set to "on" in the packet's IP header, the router must discard the packet and may return the destination unreachable message "fragmentation needed and DF set" (which essentially means the packet is too large).

A black-hole hop is a device that fails to send the "fragmentation needed and DF set" message, which will confuse the socket and cause some applications to run slowly, or even fail.

A packet-loss condition can cause an MTU underestimate. See "Detected MTU is a known standard", "Detected MTU is nonstandard", and "Packet loss detected".

Possible secondary messages

  • "Does not reply when packet size larger than measured path MTU"
  • "Packet loss conditions may have generated an incorrect diagnosis"
  • "Jumbo MTU (>1500 bytes) detected at local interface"
  • Recommended action: Check the local interface MTU setting in relation to connecting layer-2 device (Ethernet switch) for conflict. Some network interfaces don’t support MTU constrictions at the first connecting device. If this is the case, manually configuring the local MTU to agree with the switch MTU may resolve the issue. In a multi-tiered switch environment, there may be a switch-to-switch MTU conflict. Otherwise, check ingress and egress interfaces associated with the first appearance of the black-hole diagnostic message. MTU negotiation should only be handled at properly configured layer-3 devices like routers, never at layer two devices (switches). Ensure RFC 1191 and ICMP are enabled on all routing devices.


Related topics

Maximum Transmission Unit (MTU)

Other resources