Wednesday 28 December 2016

MTU & Jumbo frames

Important notes on MTU & Jumbo Frames with respect to AES TLSv1.2


The standard Ethernet MTU is 1500 bytes. This does not include the Ethernet header and Cyclic Redundancy Check (CRC) trailer, which together are 18 bytes in length, making the total Ethernet frame size 1518 bytes. In this document, MTU size or packet size refers only to the Ethernet payload. Ethernet frame size refers to the whole Ethernet frame, including the header and the trailer. Baby giant frames refer to Ethernet frame sizes up to 1600 bytes, and jumbo frames refer to Ethernet frame sizes up to 9216 bytes.



TLSv1.2 uses AES, a hash algorithm and RSA keys.
Please refer to the RFC for detailed information:
https://tools.ietf.org/html/rfc5246

This means that to pass the TLS request and response the first time a particular website is opened, we need to enable jumbo frames.

When you set the MTU size to 9198 and add 18 bytes for the CRC and Ethernet header, the total is 9216 bytes, which is the size of a jumbo frame.

You can verify this with the output of:
sh interfaces gigX/X counters all

sh interfaces gigabitEthernet x/x mtu

Port    Name               MTU
Gix/x                     9198


                          



More on MTU:
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/872-cisco-router-gre-ipsec-tunnel-transport.html
https://supportforums.cisco.com/discussion/11028566/total-output-drops-input-queue-gre-tunnel-interface

NOTE: It is recommended to set the Tunnel MTU to 1400 (ip mtu 1400) and to configure ip tcp adjust-mss to 1360. The IP and TCP headers combine for 40 bytes of overhead, so the typical MSS value reported by network clients will be 1460 with 1500 byte MTU. This design includes encrypted tunnels with a 1400 byte MTU, so the MSS used by endpoints should be configured to be 1360 to minimize any impact of fragmentation.

Inside the tunnel interface:
ip mtu 1400
ip tcp adjust-mss 1360 
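
The rule in the note above (MSS = tunnel IP MTU minus 40 bytes of IP and TCP headers) can be checked across a saved configuration. The following is an added example, not part of the original post: the function names and the sample configuration are constructed for illustration, and it assumes tunnel settings appear as indented lines under an "interface Tunnel..." header.

```python
import re

IP_TCP_OVERHEAD = 40  # IP + TCP headers, per the note above

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
interface Tunnel0
 ip mtu 1400
 ip tcp adjust-mss 1360
interface Tunnel1
 ip mtu 1400
 ip tcp adjust-mss 1460
interface Tunnel2
 ip mtu 1400
interface GigabitEthernet0/1
 mtu 9198
"""

def parse_tunnels(config):
    """Collect 'ip mtu' and 'ip tcp adjust-mss' for each Tunnel interface."""
    tunnels, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            name = header.group(1)
            is_tunnel = name.lower().startswith("tunnel")
            current = tunnels.setdefault(name, {"mtu": None, "mss": None}) if is_tunnel else None
            continue
        m = re.match(r"\s+ip (mtu|tcp adjust-mss) (\d+)\s*$", line)
        if m and current is not None:
            key = "mtu" if m.group(1) == "mtu" else "mss"
            current[key] = int(m.group(2))
    return tunnels

def audit(config):
    """Return {tunnel: finding}; 'ok' means MSS <= ip mtu - 40."""
    findings = {}
    for name, s in parse_tunnels(config).items():
        if s["mtu"] is None:
            findings[name] = "missing-ip-mtu"
        elif s["mss"] is None:
            findings[name] = f"missing-adjust-mss (expected {s['mtu'] - IP_TCP_OVERHEAD})"
        elif s["mss"] > s["mtu"] - IP_TCP_OVERHEAD:
            findings[name] = f"mss-too-large ({s['mss']} > {s['mtu'] - IP_TCP_OVERHEAD})"
        else:
            findings[name] = "ok"
    return findings
```

Calling audit(SAMPLE_CONFIG) reports Tunnel0 as ok, Tunnel1 as carrying an MSS larger than its 1400 byte tunnel MTU allows, and Tunnel2 as missing adjust-mss.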
