OSX does not correctly fragment packets on VLAN virtual interfaces with default MTU settings. Additionally, in some OSX versions, manually configured interface MTU settings do not always persist across interface disconnection, sleep, and reboot.
Expected behavior:
- A virtual interface of type "VLAN" has been created and attached to a parent interface.
- You try to make a network request of any kind using that VLAN / virtual interface that expects a response larger than 1472 Bytes, like an HTTPS web page (HTTP may not exceed this).
- Because the request is larger than the interface MTU, it is split into fragments. Each fragment should be at most the size of the parent MTU MINUS the 4 bytes for the VLAN header(s).
- The request succeeds and gets a reply which is itself fragmented appropriately.
Actual behavior:
- A virtual interface of type "VLAN" has been created and attached to a parent interface.
- You try to make a network request of any kind using that VLAN / virtual interface that expects a response larger than 1472 Bytes, like an HTTPS web page (HTTP may not exceed this).
- Because the request is larger than the interface MTU, it is split into fragments. The packet ignores any configured MTU for the VLAN virtual interface and instead is fragmented based on the parent interface's MTU, AND WITHOUT accounting for the extra space needed by the VLAN headers.
- The VLAN and other headers are added to the packet, causing the total size to now be 4 bytes LARGER than the parent interface's MTU (in this case, 1504, which is larger than 1500).
- Because the packet's size is larger than the MTU, the parent interface silently rejects the packet, never sending it.
These did not previously work for me, but sometime between my original tests and updating OSX to 15.3.2, the network interface MTU setting appears to now be persisting properly across sleep, interface disconnection, and reboot based on my initial testing. May be worth updating your OS if this aspect is not working. Else, see the other workarounds.
Setting the MTU on each VLAN virtual interface is potentially ideal because, in theory, if you change which parent interface the VLAN is attached to, the setting should follow the change as long as the new parent still supports at least the prior max value. Do this for each VLAN virtual interface.
- In System Settings -> Network, select the VLAN virtual interface.
- Click the details button, and then select the Hardware sub-menu
- Change the value for "Configure" to "Manually", and then set the MTU to "Custom"
- Type in an MTU 4 Bytes greater than the standard one (usually type 1504)
- Click OK
If you have lots of VLANs or constantly create / remove them, setting the MTU on the parent interface instead may be preferred, as you only have to set it once.
- In System Settings -> Network, select the parent interface that you have VLANs attached to.
- Click the details button, and then select the Hardware sub-menu
- Change the value for "Configure" to "Manually", and then set the MTU to "Custom"
- Type in an MTU 4 Bytes greater than the standard one (usually type 1504)
- Click OK
The only way I found to do this is to automatically re-apply the proper MTU setting any time the network interface reverted to the wrong / default MTU. I chose to implement this with a simple bash script that checks to see if any MTU settings need to be fixed and fixes them if so. This script is triggered by a LaunchDaemon that watches the network interface directories / files for changes as a way to know if any network settings have changed. To determine if any MTU setting should be changed, it looks for all interfaces that support the VLAN_MTU feature, pulls the maximum MTU supported by that interface, and then sets the MTU to the max if it isn't already.
You can create and apply the necessary files by running the following bash script in terminal with sudo.
This is generally tested and working for me, but I can't guarantee it will work perfectly for you. If there are any bugs in my script code let me know and I can see if there's a quick fix.
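The check described above (find interfaces that advertise VLAN_MTU and whose MTU is below the wanted value), as an added example that is not the author's script. It only reports and changes nothing; the `ifconfig` text is constructed sample input, and the function names and the caller-supplied target of 1504 (instead of a per-interface maximum lookup) are assumptions.

```shell
#!/usr/bin/env bash
# Added illustration, not the author's script: report-only MTU check.

# Constructed sample in macOS `ifconfig` layout (not captured from a real host).
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM>
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6467<RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM>
en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1504
	options=6467<RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM>
EOF
}

# Reads ifconfig-style text on stdin. Prints "<iface> <current_mtu>" for each
# interface whose options list contains VLAN_MTU and whose MTU is below $1.
# (Hypothetical helper name; $1 is the wanted MTU, e.g. 1504 from the text.)
interfaces_needing_fix() {
  awk -v want="$1" '
    /^[^ \t]+: flags=/ {                 # header line: start of an interface
      iface = $1; sub(/:$/, "", iface)
      mtu = ""
      for (i = 2; i < NF; i++) if ($i == "mtu") mtu = $(i + 1)
      next
    }
    # Match VLAN_MTU only as a whole option name inside <...>.
    /^[ \t]+options=/ && /[<,]VLAN_MTU[,>]/ {
      if (mtu != "" && mtu + 0 < want + 0) print iface, mtu
    }
  '
}

# Stand-alone run against the constructed sample; on a real host the input
# would be the output of `ifconfig -a` instead.
sample_ifconfig | interfaces_needing_fix 1504
```

Interfaces without VLAN_MTU in their options (`lo0` and `en0` in the sample) are skipped, so the check never flags hardware that cannot take the larger value.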