What is the recommended MTU for protected devices?

What is the recommended maximum transmission unit (MTU) for protected devices?

Airwall Edge Services encapsulate and encrypt the full Layer 2 frame.

Depending on the cipher and the size of the input frame, the outgoing encapsulated packet may end up fragmented, which you will usually want to avoid. These recommendations should help avoid fragmented packets.

Solution

Enter the exact APN provisioned for the SIM card, as given by the cellular provider.

AES-256 CBC with HMAC SHA256

Given an MTU of 1500, the maximum plaintext overlay Ethernet frame size without fragmenting on the ciphertext underlay is 1421 bytes.

The Airwall Gateway HIP tunnel adds 79 bytes of overhead. For each frame (less than 1421 bytes), our overhead varies between 79 and 94 bytes.

AES-256 GCM

Given an MTU of 1500, the maximum plaintext overlay Ethernet frame size without fragmenting on the ciphertext underlay is 1425 bytes.

The Airwall Gateway HIP tunnel adds 67 bytes of overhead. For each frame (less than 1425 bytes), our overhead varies between 67 and 78 bytes.

To allow for the HIP tunnel overhead due to encapsulation, use an MTU of 1500.