QinQ MTU

Hello,
we are using the following configuration for a QinQ link in the subinterface to our users:
interface GigabitEthernet0/0/0/3.900 l2transport
 description To CUSTOMER - PSEUDOWIRE A
 encapsulation default
 l2protocol cpsv tunnel
interface TenGigE0/1/0/3.900 l2transport
 description To BACKBONE - PSEUDOWIRE A
 encapsulation dot1q 900 second-dot1q any
 rewrite ingress tag pop 1 symmetric
Everything is working fine and frames with a payload of 1500 bytes are being transported. The issue is that
an Ethernet frame with a payload of 1500 has a total size of 1518 bytes. I know that the IOS XR MTU
concept discards 4 bytes for the Ethernet trailer (FCS or CRC). So for Cisco and MTU the original frame size is 1514.
However the frame received in the GigabitEthernet0/0/0/3.900 has a VLAN tag because we
have a trunk to our customer with multiple VLANs. So the MTU size should be 1518. But if we get the
output of the show interface command:
sh interface GigabitEthernet0/0/0/3.900
Wed Sep 12 12:56:32.130 CEST
GigabitEthernet0/0/0/3.900 is up, line protocol is up
  Interface state transitions: 1
  Hardware is VLAN sub-interface(s), address is 6c9c.ed09.295f
  Description:To CUSTOMER - PSEUDOWIRE A
  Layer 2 Transport Mode
  MTU 1514 bytes, BW 1000000 Kbit (Max: 1000000 Kbit)
     reliability Unknown, txload Unknown, rxload Unknown
  Encapsulation Default,
    Default match
    Ethertype Any, MAC Match src any, dest any
  loopback not set,
  ARP type ARPA, ARP timeout 04:00:00
  Last input never, output never
  Last clearing of "show interface" counters never
     1924812905 packets input, 1293208601922 bytes
     3 input drops, 0 queue drops, 0 input errors
     778056641 packets output, 447390756224 bytes
     0 output drops, 0 queue drops, 0 output errors
sh interface TenGigE0/1/0/3.900          
Wed Sep 12 13:02:26.173 CEST
TenGigE0/1/0/3.900 is up, line protocol is up
  Interface state transitions: 7
  Hardware is VLAN sub-interface(s), address is 4055.3968.7d2b
  Description: BACKBONE - PSEUDOWIRE UPCT-FTALMO
  Layer 2 Transport Mode
  MTU 1518 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
     reliability Unknown, txload Unknown, rxload Unknown
  Encapsulation 802.1Q Virtual LAN,
    Outer Match: Dot1Q VLAN 900
    Inner Match: Dot1Q VLAN any
    Ethertype Any, MAC Match src any, dest any
  loopback not set,
  ARP type ARPA, ARP timeout 04:00:00
  Last input never, output never
  Last clearing of "show interface" counters never
     778152164 packets input, 450515418508 bytes
     31813 input drops, 0 queue drops, 0 input errors
     1902517045 packets output, 1287687321444 bytes
     308359 output drops, 0 queue drops, 0 output errors
We have a 1514 bytes MTU instead of 1518 bytes in GigabitEthernet0/0/0/3.900 and 1518 bytes instead
of 1522 (there are two 4-byte tags). Why are frames working fine? The following document explains that
by default the MTUs are:
1514 bytes for normal frames
1518 bytes for 802.1Q tagged frames
1522 bytes for QinQ frames
http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r3.9/lxvpn/configuration/guide/lesc39ethi.html#wp1200718
How can we explain the 4 bytes difference?
Thanks.

Hello Antonio,
Here are numbers which are used for L2 MTU calculation:
"encapsulation untagged" and "encapsulation default" count 0 tags. >> 1514
"encapsulation dot1q 900 second-dot1q any". The any keyword used as the innermost tag match does not increase the number of tags in the calculation. This is to ensure consistency with the old style XR VLAN Id semantics. >> 1518
"encapsulation dot1q 900 second-dot1q 900". No any keyword >> 1522
but for L2VPN we'd use payload MTU to properly transfer our data. The rationale behind the payload MTU calculation is to get the correct maximum payload size of frames that may be carried over an xconnected PW relative to the L2 MTU of the interface.
Let's take your example:
interface TenGigE0/1/0/3.900 l2transport
 description To BACKBONE - PSEUDOWIRE A
 encapsulation dot1q 900 second-dot1q any
 rewrite ingress tag pop 1 symmetric
sub-l2-mtu = parent-l2-mtu + (4 * encaps-tag-count)
sub-l2-mtu = 1514 + (4 * 1) = 1518
sub-l2-payload-mtu = sub-l2-mtu - (14 + (4 * (encaps-pop-tags-count - encaps-push-tags-count)))
sub-l2-payload-mtu = 1518 - (14 + (4 * (1 - 0))) = 1500
So we'd be still forwarding 1500b payload.
You should be able to find your xconnect/BD MTU using "show l2vpn xconnect detail" or "show l2vpn bridge-domain detail".
Regards,
/A
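
The calculation from the reply above, applied to both attachment circuits in the question, as an added Python example that is not part of the original thread or any Cisco code. It assumes a parent L2 MTU of 1514 and handles only the encapsulation forms listed in the reply plus the pop/push rewrite forms; the function names and the EXACT_INNER stanza are constructed for illustration.

```python
import re

ETH_HEADER = 14  # dst MAC + src MAC + EtherType; IOS XR leaves the 4-byte FCS out
TAG_LEN = 4      # one 802.1Q tag

# The two stanzas from the question.
CUSTOMER = """
interface GigabitEthernet0/0/0/3.900 l2transport
 description To CUSTOMER - PSEUDOWIRE A
 encapsulation default
 l2protocol cpsv tunnel
"""
BACKBONE = """
interface TenGigE0/1/0/3.900 l2transport
 description To BACKBONE - PSEUDOWIRE A
 encapsulation dot1q 900 second-dot1q any
 rewrite ingress tag pop 1 symmetric
"""
# Constructed variation: exact inner match instead of 'any'.
EXACT_INNER = """
interface TenGigE0/1/0/3.900 l2transport
 encapsulation dot1q 900 second-dot1q 900
 rewrite ingress tag pop 1 symmetric
"""


def encap_tag_count(encap):
    """Tags counted towards the sub-interface L2 MTU, per the rules in the reply."""
    text = " ".join(encap.split())
    if text in ("encapsulation default", "encapsulation untagged"):
        return 0
    m = re.fullmatch(r"encapsulation dot1q (\d+)(?: second-dot1q (\d+|any))?", text)
    if not m:
        raise ValueError("encapsulation form not covered here: %r" % encap)
    # A trailing 'any' as the innermost match does not add a tag to the count.
    return 1 if m.group(2) in (None, "any") else 2


def rewrite_counts(lines):
    """Return (pop, push) from a 'rewrite ingress tag' line, or (0, 0) if absent."""
    for line in lines:
        m = re.fullmatch(r"rewrite ingress tag pop ([12])(?: symmetric)?", line)
        if m:
            return int(m.group(1)), 0
        m = re.fullmatch(r"rewrite ingress tag push (.+?)(?: symmetric)?", line)
        if m:
            pushed = re.findall(r"\b(?:second-)?dot1(?:q|ad)\b", m.group(1))
            return 0, len(pushed)
        if line.startswith("rewrite "):
            raise ValueError("rewrite form not covered here: %r" % line)
    return 0, 0


def mtus(stanza, parent_l2_mtu=1514):
    """Return (sub-l2-mtu, sub-l2-payload-mtu) for one l2transport stanza."""
    lines = [l.strip() for l in stanza.strip().splitlines()]
    encap = next(l for l in lines if l.startswith("encapsulation "))
    pop, push = rewrite_counts(lines)
    l2 = parent_l2_mtu + TAG_LEN * encap_tag_count(encap)
    payload = l2 - (ETH_HEADER + TAG_LEN * (pop - push))
    return l2, payload


def payload_mtus_match(stanza_a, stanza_b):
    """True when both attachment circuits end up with the same payload MTU."""
    return mtus(stanza_a)[1] == mtus(stanza_b)[1]


if __name__ == "__main__":
    for name, stanza in (("customer", CUSTOMER), ("backbone", BACKBONE),
                         ("exact inner tag", EXACT_INNER)):
        l2, payload = mtus(stanza)
        print("%-16s L2 MTU %d, payload MTU %d" % (name, l2, payload))
    print("customer/backbone payload match:", payload_mtus_match(CUSTOMER, BACKBONE))
```
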

Similar Messages

  • 6500 xconnect and QinQ frames

    Hi, I want to pass all VLANs from a client. I have a tunnel-port in both 3560 and then I have an mpls xconnect between 6500. The 6500's are connected with a pvc with encapsulation aal5snap. This is the schema:
    3560 --Gb -- 6500 -- ATM PVC -- 6500 -- Gb 3560
    The problem is that the xconnect does not carry QinQ frames, it only sends the frames from the client that are untagged.
    How can I pass the QinQ frames between the 6500's?
    Thanks

    This is the current 6500 configuration, I have tried with the same result this configuration and other using subinterfaces. The xconnect works because I could see the untagged frame in both sites. The interface Gig1/9 from the 6500 is connected with the interface Fa0/1 from the 3560.
    interface GigabitEthernet1/9
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
     mtu 9216
     no ip address
    interface Vlan3003
     description VLL_CLIENT1
     no ip address
     xconnect 10.0.0.3 3003 encapsulation mpls
    show modules:
    #sh mod
    Mod Ports Card Type                              Model              Serial No.
      1    9  Supervisor Engine 32 8GE (Active)      WS-SUP32-GE-3B     SAL12426MVE
      2    0  4-subslot SPA Interface Processor-200  7600-SIP-200       JAE1244Z5PF
    Mod MAC addresses                       Hw    Fw           Sw           Status
      1  0021.d89e.c846 to 0021.d89e.c851   4.6   12.2(18r)SX2 12.2(18)SXF1 Ok
      2  0021.a06d.fdc0 to 0021.a06d.fdff   2.303 12.2(18)SXF1 12.2(18)SXF1 Ok
    Mod  Sub-Module                  Model              Serial       Hw     Status
      1  Policy Feature Card 3       WS-F6K-PFC3B       SAL12405HZN  2.4    Ok
      1  Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A      SAL12426HJD  4.0    Ok
    2/0 2xOC3 ATM SPA               SPA-2XOC3-ATM      JAE1244Z6G2  1.1    Ok
    Mod  Online Diag Status
      1  Pass
      2  Pass
    2/0 Not Applicable
    The 3560 configuration is this:
    interface FastEthernet0/1
     description 6500_Uplink
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface FastEthernet0/8
     description CLIENT1
     switchport access vlan 3003
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel lldp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable
    Thanks in advance

  • MTU for AToM question...

    Hi:
    I have a question regarding AToM.
    Say I have CE1---PE1----P1----P2----PE2-----CE2
    CE1 to PE1 - Ethernet 802.1Q
    CE2 to PE2 - FR
    To get AToM up and working, would I need to change the mtu on the PE and P routers in the core?
    And if so to what value?
    What command would I use, if I had to: mtu or mpls mtu?
    Thanks for your help.
    Sincerely.

    So you would want to change the mpls mtu on the PE and P routers to accommodate a full ethernet frame plus the two mpls labels and any other additional info, like control words or vlan tag you might be transferring across the backbone, a value like 1514 would work, but if you ever decide to do straight ethernet to ethernet l2vpn with QinQ, then you would be up to 1530. If you maybe did serial links in the future, you'd maybe be up to 4480-4490.
    In most SP environments I've worked in, it's standard to set the mpls backbone mpls mtu to 9100 or 9192 at install time to remove any issues with the backbone mtu.
    Mpls mtu only affects handling of labeled packets, not unlabeled packets.

  • MTU Interaction

    Theory question..
    Utilizing QinQ on a 3550 do I need to set the VLAN MTU to match the System MTU? If the System MTU is larger than the VLAN MTU will the switch fragment the packet, or will the downstream router the switch is connected to fragment the packet if its associated VLAN MTU is smaller than the System MTU?


  • QinQ EoMPLS

    I have a SUP720 (port based mpls) and a SUP2 (SVI based mpls). I can get the VC to come up if I wanted to do one vlan across my network.
    I am having issues getting a port to trunk across my EoMPLS to a 7200 router.
    Currently, I have a Flex-wan module for the SUP2 side, which supports this, but I am getting different views based off the QinQ.
    Any ideas?

    No I kept the MTU at 1500.
    What I mean by that is that it seems everyone is doing it slightly different from another.
    I've been all over Cisco's site and I cannot find any clear definite way that other engineers are setting this up.
    Also, it seems that this topic is considered part of two different departments at Cisco, so not one department is able to go over the entire setup because they either know MPLS or they know dot1q.
    I just wish there was a document that was like, "this is what you need to do this."

  • C2600xm MPLS and QinQ support

    Does anybody know an IOS version that supports both MPLS and QinQ support?  Nearly all advanced enterprise services 12.4 support QinQ and some 12.3T, but I believe that later versions of IOS 12.3 and onwards removed MPLS support.  I could really do with finding both these features in the same IOS as it would greatly help me study.  IOS selector is hard to trust as it doesn't appear to label MPLS support under some IOS which I know have the commands.  Also certain 12.3T IOS have been deferred which makes getting them to try hard to begin with.
    So far I have tried the below.
    c2600-adventerprisek9-mz.123-11.T.bin <-- QinQ no mpls
    c2600-adventerprisek9-mz.123-26.bin <-- no QinQ
    c2600-advipservicesk9-mz.123-4.T6.bin <--no QinQ
    c2600-telco-mz.123-26.bin <-- MPLS but no QinQ
    c2600-telco-mz.124-7.bin <- no MPLS
    All the 12.4 IOS have had the tag-switching/MPLS commands removed.
    Any help will be most appreciated!

    Hi,
    If your CE at both ends are routers, then you can configure both CE's with a Sub interface on the trunk link that is going towards PE. On this Sub interface of CEs you can configure IP address and also, if CEF is enabled on router and the interface then you can use mpls ip command on this sub interface and form LDP neighborship between both CEs over this l2 circuit.
    Yes MTU size will have to be capable of supporting this increased packet size.
    Regards,
    Shailendra

  • Mid 2010 Macbook Pro - Change MTU size kills internet (Jumbo Frames)

    Hi everyone, I'm hoping someone here can enlighten or help me solve my problem I'm having.
    I am trying to change my MTU size to enable Jumbo frames on my 13 inch Mid 2010 Macbook Pro. I recently bought a ReadyNAS Ultra and would like to speed up transfers to the unit.
    My setup is as follows:
    I have my ReadyNAS Ultra 2 and 2010 Macbook Pro (Core 2 Duo) wired via cat6 ethernet to my 5th Generation Apple Airport Extreme. The Airport Extreme is connected via cat5e to my AT&T Uverse Gateway which is set up to allow my Airport to assign DHCP and NAT (gateway is in bridge mode with wireless off).
    Anyways, I have enabled Jumbo frames on my ReadyNAS, when I enable them on my MBP.. it applies fine. It disconnects / reconnects the ethernet like it should, but then my connection drops. I can't see any devices on my LAN and I cannot access any internet websites, but according to the network pane I am still assigned a valid dhcp address. When I manually try to increase my MTU size, the same thing happens (from 9000 to 1600 I tried every size).....
    Could it be my MBP just can't support the increase of MTU size? It leaves them at 1500 when I set it to automatic... if it doesn't support the increased MTU size, why would it let me custom change the MTU and even give an option to select "Jumbo Frames (9000)"?
    I appreciate any help in advance!!

    asdftroy wrote:
    If you did read my post then you would have seen that the option is there, but that is not entirely what my inquiry is about. The option isn't working as intended, and I was wondering if anyone had the same issues as me. Thanks anyways.
    Anyone else?
    The way you responded to someone trying to help you probably means others will be hesitant to try.

  • Asa 5505 dsl / mtu based ssl problem

    Hi everyone,
    We moved our office to a different location (including our dsl connection). We also updated our asa from 8.0.3 to 8.0.4.
    Since then, I'm having trouble opening the webportal from customers having a dedicated line.
    I'm getting the certificate, can confirm it but the page won't load. When setting down the MTU size on the client everything works fine. Using a DSL or UMTS Line also works like a charm.
    I've set:
    mtu inside 1500
    mtu outside 1492
    sysopt connection tcpmss 1452
    crypto ipsec df-bit clear-df inside
    crypto ipsec df-bit clear-df outside
    I also attached a packet trace showing tcp checksum errors while loading the page.
    Anybody has an idea?

    Julian,
    You are contributing to the issue with "sysopt connection tcpmss 1452"
    Change it back to the default "1380" or lower - I suggest lower I use "1300"
    And the commands
    crypto ipsec df-bit clear-df inside
    crypto ipsec df-bit clear-df outside
    AFAIK they do not apply to the SSL connections

  • My MBP has started to send out TCP packets larger than the MTU on the NIC - is there any place that this can be overriden?

    Got a very weird issue here and wondering if anyone has any other ideas. Basically over the wired NIC only, my Mac has started to send out large HTTP/HTTPS packets from the browser (> 1500 bytes) Captures show packet sizes from 2000 all the way to 4000 sometimes. This happens in Firefox and Chrome so doesn't appear to be application related.
    This causes fragmentation issues and traffic drops which basically causes most of my websites and  tools to crash and burn (and I get all sorts of SSL errors from applications, etc).
    It appears to be limited to just TCP packets as pings with the DF bit set will not send any larger than 1500 bytes.
    However if I switch to wireless, everything works fine and captures show the correct maximum packet size of 1500 for all packets leaving my client.
    The MTU on the  en0 interface is 1500 as per ifconfig and I made sure that it was set to 1500 in Network config panel (because there is an option for jumbo frames there which bumps up the MTU).
    A packet capture also shows that during the three way handshake the TCP MSS is successfully sent and negotiated as 1480, but then it appears to ignore that when sending packets later in the TCP stream.
    I've rebooted, upgraded to 10.7.4, checked the "sysctl" outputs and matched against a Mac not having the issue.
    This is the newest MBP 15 inch model.
    Any other ideas on things to check?

    Have you used any sort of "tuner" software? You are obviously an advanced user. Sometimes we hack things up and forget about it later. If you are sure you didn't do that, maybe poke around with IPv6 settings. Supposedly people are trying to enable that and it is going to be a disaster.

  • Right way of configuring higher MTU over a Port Channel

    Hi guys,
    I have a running critical Port-Channel between two locations.
    Here's the config
    SW1:
    interface Port-channel2
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end
    interface GigabitEthernet1/45
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-protocol lacp
     channel-group 2 mode active
    end
    interface GigabitEthernet1/46
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-protocol lacp
     channel-group 2 mode active
    end
    SW2
    interface GigabitEthernet1/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-protocol lacp
     channel-group 2 mode passive
    end
    interface GigabitEthernet1/2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-protocol lacp
     channel-group 2 mode passive
    end
    interface Port-channel2
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end
    Now I need to increase the MTU from default value to 9198. What's the right way to do it and avoid any connectivity loss, PortChannel restart?
    Does it matter what switch I start first?
    Thanks!
    L.E. both SW are WS-C4948

    Hi,
    Because you are using layer 2 interfaces - there is no fragmentation support at layer 2, and interfaces receiving frames which have an unsupported size will be dropped.
    I think the best way for you to proceed is to lab this up; and verify what happens - it may be that you need to make changes on switches at either end of the channel within a very short time frame to prevent too large an outage.
    When you are ready to make your change - think the best way to do this is to use the interface range command, and apply the 'mtu' command to all the interfaces in this range. I don't think it matters which switch you apply this change to first, and I don't believe if you are hinting at the 802.3ad (controlled by system-priority) decision maker, that it makes any difference.
    HTH
    Mike

  • Airport card MTU speed needs to be changed

    How do I change the MTU speed on my airport card? Internet hangs and runs slow. Router is N1 and support says MTU should be 1400. Can't figure out how to change it.

    I had a similar problem; in the end I got tired of working with terminal because the changes are not permanent. I went Googling and found that the OSX utility application 'Cocktail' allows you to customise MTU settings permanently. There are several applications available, but I settled for the one mentioned. Works like a charm for me. Try it and see if it does for you.

  • How do I reduce the MTU on my Airport Extreme Ethernet connection?

    Hi there,
    Is it possible to reduce the MTU on the Ethernet connection inside the Airport Extreme Base station? I was having trouble accessing some websites, but was able to fix it on a direct ethernet connection by reducing the MTU setting to below 1500. However, when I connect wirelessly (I have a DSL modem connected to the WAN port of an Airport Extreme Base station), I still have the same problem, but there seems to be nowhere in the Admin utility where I can reduce the MTU for the connection.
    Anyone know a work around for this?
    Thanks
    Martin
    iMac G5   Mac OS X (10.4.3)   Airport Extreme

    Don't know if this will help, but if you use cocktail there is a place under "Network" where you can change the mtu setting for the machine you are using. I also remember seeing some info on this in the unix support group here in the forums.
    PowerMac G4 MDD 2GB Ram, 1Ghz TiBook 1GB Ram   Mac OS X (10.3.9)  

  • HP LaserJet 400 MFP M425dn: bug in MTU path discovery, printer reboots via web interface

    Firmware Datecode: 20121205
    1. We cannot access this MFU over VPN link. Other devices are accessed successfully.
    As far as I understand there is an error in MTU Path Discovery.
    tcpdump logs are attached.
    Is there a way to change MTU of this device?
    2. This MFU reboots when I open page "Settings" of "Networking" submenu (/hp/device/set_config_networkSettings.html?tab=Networking&menu=NetSettings) if option "System" -> "System Setup" -> "Language" is "Russian". But this looks like a very good feature since I have not found the way to reboot this printer remotely.
    Here I was trying to access web interface over VPN (IPSec), 192.168.4.135 is IP of my comp, 192.168.160.200 - is IP of MFU, 192.168.160.254 is a gateway:
    $ tcpdump -n -r printer-1.pcap
    reading from file printer-1.pcap, link-type EN10MB (Ethernet)
    17:20:29.337867 IP 192.168.4.135.54147 > 192.168.160.200.80: Flags [S], seq 2356029847, win 8192, options [mss 1460,nop,nop,sackOK], length 0
    17:20:29.338026 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [S.], seq 614551948, ack 2356029848, win 8760, options [mss 1460,nop,nop,sackOK], length 0
    17:20:29.344909 IP 192.168.4.135.54147 > 192.168.160.200.80: Flags [.], ack 1, win 64240, length 0
    17:20:29.348488 IP 192.168.4.135.54147 > 192.168.160.200.80: Flags [P.], seq 1:304, ack 1, win 64240, length 303
    17:20:29.348564 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [.], ack 304, win 8457, length 0
    17:20:29.378872 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [P.], seq 1:513, ack 304, win 8457, length 512
    17:20:29.379063 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [.], seq 513:1973, ack 304, win 8457, length 1460
    17:20:29.379100 IP 192.168.160.254 > 192.168.160.200: ICMP 192.168.4.135 unreachable - need to frag (mtu 1280), length 48
    17:20:29.379103 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [.], seq 1973:3433, ack 304, win 8457, length 1460
    17:20:29.379135 IP 192.168.160.254 > 192.168.160.200: ICMP 192.168.4.135 unreachable - need to frag (mtu 1280), length 48
    17:20:29.379251 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [.], seq 1:1461, ack 304, win 8457, length 1460
    17:20:29.379272 IP 192.168.160.254 > 192.168.160.200: ICMP 192.168.4.135 unreachable - need to frag (mtu 1280), length 48
    17:20:29.379274 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [.], seq 1461:2921, ack 304, win 8457, length 1460
    17:20:29.379304 IP 192.168.160.254 > 192.168.160.200: ICMP 192.168.4.135 unreachable - need to frag (mtu 1280), length 48
    17:20:29.379306 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [.], seq 2921:4381, ack 304, win 8457, length 1460
    17:20:29.379335 IP 192.168.160.254 > 192.168.160.200: ICMP 192.168.4.135 unreachable - need to frag (mtu 1280), length 48
    17:20:29.379338 IP 192.168.160.200.80 > 192.168.4.135.54147: Flags [.], seq 1:1461, ack 304, win 8457, length 1460
    This is a more detailed view on some packets.
    $ tcpdump -nv -r printer-1.pcap
    17:20:29.379063 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 1500)
    192.168.160.200.80 > 192.168.4.135.54147: Flags [.], cksum 0x7233 (correct), seq 513:1973, ack 304, win 8457, length 1460
    17:20:29.379100 IP (tos 0x0, ttl 64, id 62678, offset 0, flags [DF], proto ICMP (1), length 68)
    192.168.160.254 > 192.168.160.200: ICMP 192.168.4.135 unreachable - need to frag (mtu 1280), length 48
    IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 1500)
    192.168.160.200.80 > 192.168.4.135.54147: Flags [.], seq 513:1973, ack 304, win 8457, length 1460
    17:20:29.379103 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 1500)
    192.168.160.200.80 > 192.168.4.135.54147: Flags [.], cksum 0x5edf (correct), seq 1973:3433, ack 304, win 8457, length 1460
    17:20:29.379135 IP (tos 0x0, ttl 64, id 62679, offset 0, flags [DF], proto ICMP (1), length 68)
    192.168.160.254 > 192.168.160.200: ICMP 192.168.4.135 unreachable - need to frag (mtu 1280), length 48
    IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 1500)
    192.168.160.200.80 > 192.168.4.135.54147: Flags [.], seq 1973:3433, ack 304, win 8457, length 1460
    17:20:29.379251 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 1500)
    192.168.160.200.80 > 192.168.4.135.54147: Flags [.], cksum 0x0c1c (correct), seq 1:1461, ack 304, win 8457,
     P.S. This thread has been moved from LaserJets to Multifunction and All-in-One - HP Forums Moderator

    John Getzke wrote:
    It's hard to understand what you are trying to do or ask here.
    We have some offices connected via IPSEC tunnels. IPSEC interface's MTU is 1280 bytes (not 1500 bytes as Ethernet). All other devices successfully work over this VPN link. HP m2727 works. HP m425dn does not work. As a network administrator I've traced source of problem on all possible points and found that HP m425dn has a bug in the "Path MTU discovery" routine.
    The logs I attached show that any packet of the TCP stream that the printer (160.200) sends to host (4.135) has "Don't fragment" flag set. According to IP standard the router HAS TO discard the packet with DF flag set and size bigger than MTU since it cannot pass a packet further without fragmentation - IPSEC MTU is 1280 bytes only while HP sends 1500 bytes. The router informs the printer about this problem with ICMP message Type: 3 (Destination unreachable) with Code: 4 (Fragmentation needed) suggesting MTU of next hop: 1280. The router does not communicate with the printer itself, it just informs the printer about network problem.
    According to IP standard the printer HAS TO resend this data with the size of packet decreased according to suggested size. This is expected behavior of the Path MTU discovery routine. But the printer sends the packet again with the same size and DF flag set. The router again discards the packet and informs printer... This cycle repeats again and again until connection is closed due to timeout. Therefore "Path MTU discovery" routine is broken at this device.
    It would not be a serious problem, but the printer resends packets at rate over 28000 pps (about 40 MBytes per seconds) and its CPU is so heavily loaded that it even does not respond to touches on its touchscreen. So an innocent attempt to print document on terminal server located at another office leads to inaccessibility of the printer.
    The network dump can be downloaded in PCAP format from here.
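
One way to spot the retransmission loop described in this thread from tcpdump text output, as an added Python example that is not part of the original posts. The capture lines are constructed with documentation addresses, and the function name, the 40-byte header allowance and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed capture modelled on the tcpdump -n output format shown in the thread.
# 192.0.2.200 keeps sending 1460-byte segments; 192.0.2.50 shrinks after the ICMP error.
SAMPLE_CAPTURE = """
17:20:29.379063 IP 192.0.2.200.80 > 198.51.100.135.54147: Flags [.], seq 513:1973, ack 304, win 8457, length 1460
17:20:29.379100 IP 192.0.2.254 > 192.0.2.200: ICMP 198.51.100.135 unreachable - need to frag (mtu 1280), length 48
17:20:29.379103 IP 192.0.2.200.80 > 198.51.100.135.54147: Flags [.], seq 1973:3433, ack 304, win 8457, length 1460
17:20:29.379135 IP 192.0.2.254 > 192.0.2.200: ICMP 198.51.100.135 unreachable - need to frag (mtu 1280), length 48
17:20:29.379251 IP 192.0.2.200.80 > 198.51.100.135.54147: Flags [.], seq 1:1461, ack 304, win 8457, length 1460
17:20:29.379272 IP 192.0.2.254 > 192.0.2.200: ICMP 198.51.100.135 unreachable - need to frag (mtu 1280), length 48
17:20:29.379274 IP 192.0.2.200.80 > 198.51.100.135.54147: Flags [.], seq 1461:2921, ack 304, win 8457, length 1460
17:20:30.100000 IP 192.0.2.50.80 > 198.51.100.135.54200: Flags [.], seq 1:1461, ack 90, win 8457, length 1460
17:20:30.100040 IP 192.0.2.254 > 192.0.2.50: ICMP 198.51.100.135 unreachable - need to frag (mtu 1280), length 48
17:20:30.101000 IP 192.0.2.50.80 > 198.51.100.135.54200: Flags [.], seq 1:1241, ack 90, win 8457, length 1240
17:20:30.101200 IP 192.0.2.50.80 > 198.51.100.135.54200: Flags [.], seq 1241:2481, ack 90, win 8457, length 1240
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ICMP_RE = re.compile(
    r"^\S+ IP \S+ > " + IP + r": ICMP " + IP +
    r" unreachable - need to frag \(mtu (\d+)\)")
TCP_RE = re.compile(
    r"^\S+ IP " + IP + r"\.\d+ > " + IP + r"\.\d+: Flags .*length (\d+)$")

# IPv4 header (20) + TCP header (20) without options: a lower bound on the
# packet size, so anything flagged is oversized for certain.
MIN_HEADERS = 40


def find_pmtud_ignorers(lines, threshold=3):
    """Return senders that keep exceeding an MTU a router already reported to them.

    A few oversized segments right after the ICMP error can be packets that were
    already in flight, hence the threshold (an assumption, tune per environment).
    """
    learned = {}                  # (sender, destination) -> smallest reported MTU
    oversized = defaultdict(int)  # (sender, destination) -> oversized segments since
    for raw in lines:
        line = raw.strip()
        m = ICMP_RE.match(line)
        if m:
            key = (m.group(1), m.group(2))
            mtu = int(m.group(3))
            learned[key] = min(mtu, learned.get(key, mtu))
            continue
        m = TCP_RE.match(line)
        if m:
            key = (m.group(1), m.group(2))
            if key in learned and int(m.group(3)) + MIN_HEADERS > learned[key]:
                oversized[key] += 1
    return {
        key: {"mtu": learned[key], "oversized_after_icmp": count}
        for key, count in oversized.items()
        if count >= threshold
    }


if __name__ == "__main__":
    for (src, dst), info in find_pmtud_ignorers(SAMPLE_CAPTURE.splitlines()).items():
        print("%s -> %s: %d segments above reported MTU %d"
              % (src, dst, info["oversized_after_icmp"], info["mtu"]))
```
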

  • Anyconnect fails to connect with a message that it tried to set a specific MTU but it was already enabled with a different MTU - (SOLVED)

    Cisco Anyconnect 3.1.05160 fails to setup the VPN tunnel, it prompts with this message:
    "The VPN client driver encountered an error. Please restart your computer or device, then try again."
    Authentication and everything seems to go through but it won't work.
    The computer is a brand new HP with Windows 7. I have tried first with some later 2.x Anyconnect with same result.
    The following entries are printed in the event log:
    Level Date and Time Source Event ID Task Category
    Error 2014-05-10 16:19:28 acvpnagent 2009 None Termination reason code 13:
    Unable to start VA, setup shared queue, or VA gave up on shared queue.
    Error 2014-05-10 16:19:28 acvpnagent 2 Engineering Debug Details Function: CVpnMgr::main
    File: .\VpnMgr.cpp
    Line: 1847
    Invoked Function: IHostMgr::enableHostMgr
    Return Code: -23592949 (0xFE98000B)
    Description: HOSTMGR_ERROR_ALREADY_ENABLED_WITH_DIFFERENT_MTU:An attempt was made to enable the tunnel's network interface with a specific MTU but it was already enabled with a different MTU.

    This was caused by the good old HP mess-up-your-computer services. 
    Disable the service "HP Device Locking / Auditing" and the VPN will be able to connect. 

  • MTU option of IPv6 router advertisement ignored

    I recently turned up an IPv6 tunnel from Hurricane Electric (http://tunnelbroker.net/) to my home router, which is a Cisco 1921 ISR.  The IPv6 tunnel works great, save for one small problem.  That being that the MTU of the tunnel is 1480 and the MTU on my Mac is 1500.  If I manually set the MTU on my Mac to 1480, everything works as expected.  However, part of IPv6 autoconfig is setting the MTU for situations like this where there is a tunnel or the more common PPPoE, both of which require a lower MTU.  The router is configured to set this option, and I can see it via tcpdump and radvdump:
    [root@strongbad]# tcpdump -i en0 -n -XX icmp6
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
    11:36:09.218626 IP6 fe80::ca9c:1dff:fed6:17a0 > ff02::1: ICMP6, router advertisement, length 64
        0x0000:  3333 0000 0001 c89c 1dd6 17a0 86dd 6e00  33............n.
        0x0010:  0000 0040 3aff fe80 0000 0000 0000 ca9c  ...@:...........
        0x0020:  1dff fed6 17a0 ff02 0000 0000 0000 0000  ................
        0x0030:  0000 0000 0001 8600 1266 4000 0708 0000  .........f@.....
        0x0040:  0000 0000 0000 0101 c89c 1dd6 17a0 0501  ................
        0x0050:  0000 0000 05c8 0304 40c0 0027 8d00 0009  ........@..'....
        0x0060:  3a80 0000 0000 2001 0470 e9ba 0001 0000  :........p......
        0x0070:  0000 0000 0000                           ......
    [root@strongbad]# radvdump
    # radvd configuration generated by radvdump 1.6
    # based on Router Advertisement from fe80::ca9c:1dff:fed6:17a0
    # received by interface en0
    interface en0
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;
        AdvLinkMTU 1480;
        prefix 2001:470:e9ba:1::/64
            AdvValidLifetime 2592000;
            AdvPreferredLifetime 604800;
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
        }; # End of prefix definition
    }; # End of interface definition
    You can plainly see the MTU is at 1500, when it should be 1480:
    [root@strongbad]# ifconfig en0
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:16:cb:ab:af:0d
        inet6 fe80::216:cbff:feab:af0d%en0 prefixlen 64 scopeid 0x4
        inet 192.168.1.44 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 2001:470:e9ba:1:216:cbff:feab:af0d prefixlen 64 autoconf
        media: autoselect (1000baseT <full-duplex>)
        status: active
    [root@strongbad]# netstat -in
    Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
    lo0   16384 <Link#1>                        800471     0   800471     0     0
    lo0   16384 ::1/128     ::1                 800471     -   800471     -     -
    lo0   16384 fe80::1%lo0 fe80:1::1           800471     -   800471     -     -
    lo0   16384 127           127.0.0.1         800471     -   800471     -     -
    gif0* 1280  <Link#2>                             0     0        0     0     0
    stf0* 1280  <Link#3>                             0     0        0     0     0
    en0   1500  <Link#4>    00:16:cb:ab:af:0d 24352460     0 36285322     0     0
    en0   1500  fe80::216:c fe80:4::216:cbff: 24352460     - 36285322     -     -
    en0   1500  192.168.1     192.168.1.44    24352460     - 36285322     -     -
    en0   1500  2001:470:e9 2001:470:e9ba:1:2 24352460     - 36285322     -     -
    fw0   2030  <Link#5>    00:1c:b3:ff:fe:9b:6d:d0        0     0        0     0     0
    en1   1500  <Link#6>    00:1c:b3:b0:41:f0        0     0        0     0     0
    vmnet 1500  <Link#7>    00:50:56:c0:00:01        0     0        0     0     0
    vmnet 1500  172.16.130/24 172.16.130.1           0     -        0     -     -
    vmnet 1500  <Link#8>    00:50:56:c0:00:08        0     0        0     0     0
    vmnet 1500  172.16.123/24 172.16.123.1           0     -        0     -     -
    On my Mac in System Preferences > Network > Ethernet > Advanced > Ethernet the "Configure" value is set to "Automatically".  I discovered a manual sysctl setting that looked promising, but had no noticeable effect:
    [root@strongbad]# sysctl -w net.inet6.ip6.accept_rtadv=1
    net.inet6.ip6.accept_rtadv: 0 -> 1
    I'm running the latest version of Snow Leopard (10.6.7) on my Mac, and there doesn't appear to be any updates for it.  Just for fun, here's the kernel banner:
    [root@strongbad]# uname -a
    Darwin strongbad.local 10.7.0 Darwin Kernel Version 10.7.0: Sat Jan 29 15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386 i386
    Any ideas on how to get my Mac to honor the MTU in IPv6 router advertisements and set the MTU automatically?
    Thanks in advance,
    -Lex

    I was wrong.  The MTU in IPv6 router advertisements is not ignored by my Mac.  In fact, it works great.  A few things threw me off here:
    1. The IPv6 MTU is not reflected in ifconfig and netstat output if it's different than IPv4.
    2. The MTU size was wrong.  The IPv6 MTU also has to account for ADSL PPPoE overhead the same as any other protocol.  PPPoE adds 8 bytes overhead per packet.  That means with the 6in4 tunneling overhead of 20 bytes, the true MTU for an IPv6 packet over a 6in4 tunnel over PPPoE is 1472.
    3. The firewall was correctly configured to pass ICMPv6, so PMTUD was working.  However, this created the illusion that some destinations were working and some were not.  I wrongly assumed that mucking with the MTU to and from 1480 was making a difference.  In reality, it was PMTUD doing its thing, albeit slowly and on a strict destination by destination basis.
    In sum, setting the MTU on the router interface closest to my Mac to 1472, made it all work beautifully.  I had to wait for a few route advertisements to pass by, but my Mac did end up doing the right thing. 
    One last thing worth noting.  On a Cisco router, setting the "ipv6 mtu" to something non-default will be reflected in the IPv6 route advertisements it sends out. 
    Hope this helps,
    -Lex
