diagram.mmd — flowchart
Packet Fragmentation flowchart diagram

IP packet fragmentation is the process by which a router or sender splits an IP packet into smaller fragments when the packet exceeds the Maximum Transmission Unit (MTU) of the outgoing link, allowing it to traverse network segments with different MTU limits.

Every network link has an MTU — the maximum size of a single frame it can carry. Ethernet's standard MTU is 1500 bytes. VPN tunnels, PPPoE, and some WAN links have smaller effective MTUs. If a packet is larger than the link's MTU, it must be fragmented or dropped.

IPv4 Fragmentation: In IPv4, fragmentation can occur at any router along the path. The IP header contains fragment offset and "More Fragments" flag fields. The router splits the packet body into chunks, creating new IP headers for each fragment with the same identification field, appropriate offsets, and the MF flag set on all but the last fragment. Fragments are reassembled only at the destination.

IPv6 No-Router Fragmentation: IPv6 routers do not fragment packets. If a packet is too large, the router drops it and sends an ICMPv6 "Packet Too Big" message back to the source. The source is responsible for fragmenting using its own Fragment extension header. This simplifies router processing.

PMTUD (Path MTU Discovery): Rather than relying on fragmentation, modern systems use PMTUD to discover the smallest MTU along the path. IPv4 PMTUD works by sending packets with the DF (Don't Fragment) bit set. If a router can't forward the packet due to MTU, it sends an ICMP "Fragmentation Needed" message with the link's MTU. The sender reduces its packet size. IPv6 uses this approach exclusively.
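The IPv4 router decision and destination reassembly described above, as an added Python example that is not part of the original page. It assumes 20-byte headers without options, leaves the header checksum at 0, and uses constructed documentation addresses; all function names are illustrative.

```python
import struct

HDR = 20                  # assumption: IPv4 header with no options
DF, MF = 0x4000, 0x2000   # flag bits in the 16-bit flags/fragment-offset field

def make_packet(ident, flags_off, payload):
    """Build a minimal IPv4/UDP-protocol packet (constructed data, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, HDR + len(payload), ident,
                       flags_off, 64, 17, 0,
                       b"\xc0\x00\x02\x01", b"\xc6\x33\x64\x01") + payload

def parse(pkt):
    """Return (identification, flags+offset field, payload bytes)."""
    _, _, total, ident, flags_off = struct.unpack("!BBHHH", pkt[:8])
    return ident, flags_off, pkt[HDR:total]

def router_forward(pkt, mtu):
    """Return ('forward', [packets]) or ('icmp_frag_needed', mtu)."""
    ident, flags_off, payload = parse(pkt)
    if len(pkt) <= mtu:
        return "forward", [pkt]
    if flags_off & DF:
        return "icmp_frag_needed", mtu   # drop; the sender lowers its path MTU
    chunk = (mtu - HDR) // 8 * 8         # non-final fragments carry a multiple of 8 bytes
    base = flags_off & 0x1FFF            # non-zero when pkt is already a fragment
    frags = []
    for start in range(0, len(payload), chunk):
        data = payload[start:start + chunk]
        last = start + chunk >= len(payload)
        mf = 0 if (last and not (flags_off & MF)) else MF
        frags.append(make_packet(ident, mf | (base + start // 8), data))
    return "forward", frags

def reassemble(frags):
    """Destination side: order by offset, require contiguous data and a final MF=0."""
    parts = sorted((parse(f) for f in frags), key=lambda p: p[1] & 0x1FFF)
    if len({p[0] for p in parts}) != 1:
        raise ValueError("fragments carry different identification values")
    buf = b""
    for _ident, flags_off, data in parts:
        if (flags_off & 0x1FFF) * 8 != len(buf):
            raise ValueError("gap or overlap in fragment offsets")
        buf += data
    if parts[-1][1] & MF:
        raise ValueError("last fragment missing (MF still set)")
    return buf
```

With a 2000-byte payload and a 1500-byte MTU, `router_forward` yields two fragments carrying 1480 and 520 bytes at offsets 0 and 185, the values shown in the flowchart.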

TCP MSS Clamping: TCP uses the Maximum Segment Size (MSS) option during the three-way handshake to negotiate maximum segment sizes that fit within the path MTU, avoiding fragmentation proactively. VPN gateways often clamp MSS to account for tunnel overhead.

Fragmentation issues can cause mysterious connectivity problems: PMTUD works only if ICMP isn't blocked by firewalls.


Frequently asked questions

IP packet fragmentation is the process of splitting an IP packet into smaller pieces when it is too large for a network link's MTU (Maximum Transmission Unit). The standard Ethernet MTU is 1500 bytes. If a packet exceeds the MTU of an outgoing link, it must be fragmented or dropped, with fragments reassembled only at the destination.
Path MTU Discovery (PMTUD) proactively discovers the smallest MTU along the path. IPv4 PMTUD sends packets with the DF (Don't Fragment) bit set. If a router must drop the packet because it's too large, it sends back an ICMP "Fragmentation Needed" message indicating the link's MTU. The sender reduces packet size accordingly. IPv6 requires this approach exclusively — IPv6 routers never fragment packets.
In IPv4, any router along the path can fragment a packet. In IPv6, only the source host may fragment using a Fragment extension header; routers drop oversized packets and send an ICMPv6 "Packet Too Big" message back to the sender. IPv6's approach simplifies router processing and shifts fragmentation responsibility to endpoints.
PMTUD relies on ICMP messages, which many firewalls incorrectly block ("ICMP black holes"), causing connections to stall at a certain packet size. VPN tunnels add overhead that reduces the effective MTU, and MSS clamping may not account for this correctly, causing fragmentation or connection hangs. Diagnosing these issues typically requires traceroute with packet size testing.
```mermaid
flowchart TD
    Packet([IP Packet: 2000 bytes]) --> MTUCheck{Packet size\nvs link MTU?}
    MTUCheck -->|Fits within MTU\ne.g. packet 1400B, MTU 1500B| Forward([Forward packet\nno fragmentation])
    MTUCheck -->|Exceeds MTU\ne.g. packet 2000B, MTU 1500B| DFCheck{DF bit set\nDont Fragment?}
    DFCheck -->|DF=0 IPv4 fragmentation allowed| Fragment[Fragment at router\nSplit payload into chunks]
    Fragment --> Frag1[Fragment 1\noffset=0, MF=1\n1480 bytes data]
    Fragment --> Frag2[Fragment 2\noffset=185, MF=0\n520 bytes data]
    Frag1 --> Transit[Network Transit]
    Frag2 --> Transit
    Transit --> Reassemble[Destination reassembles\nusing ID + offset + MF flag]
    Reassemble --> Delivered([Original packet delivered])
    DFCheck -->|DF=1 or IPv6 no router frag| ICMP[Router drops packet\nSends ICMP\nFragmentation Needed\nwith link MTU]
    ICMP --> PMTUD[Source receives ICMP\nReduces PMTU\nRetransmits smaller packet]
    PMTUD --> MTUCheck
```