Supported by the GlobalNOC at Indiana University

Most PopularMost popular assets for this branch of the site.
  1. Prefix Request Form
  2. BGP Blackhole Users Guide
  3. PennREN Member DDoS Mitigation Procedures
  4. Submit Prefix Request
  5. Internet2 Peerings - MTU Configuration
Recent ChangesRecently edited assets for this branch of the site.
  1. PennREN Member DDoS Mitigation Procedures


"Jumbo" Frames and Internet2

Large IP frames, also called "jumbograms" or "jumboframes," have been recommended for high-performance networkslike Internet2 as a significant factor in increasing performance overlong distances. In general the limiting factor in frame size is theIP MTU (Media Transmission Unit, sometimes also called MaximumTransmission Unit), which by default on an Ethernet is 1500 bytes.The MTU is set independently for every interface in an IP flow'spath, and any interface can limit the size of the flow by fragmentingit. Path MTU discovery, described in RFC1191,attempts to discover the optimal MTU for the path to avoid fragmentation.

The Internet2 recommendation is to work toward an end-to-end IP MTU ofat least 9000 bytes today, and eventually much larger. Steps in thiseffort are:

  1. Set 9KB MTUs throughout the Internet2 backbone. This has been completed.
  2. Internet2 and its connectors work together to set 9KB MTUs where we peer with each other. See the table below for an indication of the progress of this effort.
  3. The Internet2 institutions set 9KB MTUs within their networks, at least to the high-performance end-stations.
    This page gives links to some of the reasoning for a large-frame recommendation, indicates some of the organizations and networks who have endorsed the concept and are working with us to increase MTUs, shows how it is done with Cisco and Juniper examples, and finally includes a list of all Internet2 connectors and peer networks and their current MTU status.

this page is locate at
it was last edited on 1 April2003
comments to Brent Sweeny,

PennREN Member DDoS Mitigation Procedures




  • Caller must be listed as an authorized representative of the member institution within the PennREN NOC Database

  • Member institution must be a valid subscriber of the PennREN DDoS Mitigation service

  • Member institution must have active PennREN Commodity Internet Service

  • Prefix requested for mitigation

    • Must be IPv4

    • Can not be longer than /24

    • Must already be filed with and approved by the PennREN NOC


  1. Call the PennREN NOC at 833-PENNREN (833-736-6736) and request immediate DDoS scrubbing on the prefix(es). Be prepared to identify your name, the organization you are with, and the specific prefix range(s) you wish to scrub

  2. Stop advertising the affected prefix(es), including more specific prefixes, to other Internet Service Providers and private peers.

  3. Advertise the affected prefix(es) to all PennREN Commodity Internet and Internet2 connections with the community string 14877:9111.

  4. PennREN NOC will notify via phone once traffic scrubbing is confirmed active by the service vendor 2

While community string 14877:911 is advertised, Internet egress traffic will continue to route normally. All Internet ingress traffic will be routed to the customer through their Commodity Internet East (NBRD) connection.

2 Activation may take up to 20 minutes from the time of initial request.



  1. Call the PennREN NOC at 833-PENNREN (833-736-6736) and request DDoS scrubbing be deactivated. Be prepared to identify yourself and notify the PennREN NOC of an email address to have scrubbing reports forwarded to.

  2. Stop advertising community string 14877:911 to all PennREN connections

  3. Resume normal advertisements to other Internet Service Providers and private peers.

  4. The PennREN NOC will email mitigation reports as they become available from the service vendor.

Your request has been completed.