Thank you for reaching out. Based on your description, the issue appears to be related to MTU mismatch and path MTU discovery in your AVS architecture. When traffic passes through the Site-to-Site VPN and Azure Firewall, additional encapsulation overhead reduces the effective MTU, causing it to drop from 1400 to 1200. This behavior is common when intermediate devices enforce lower MTU values.
- Check Intermediate Network Devices: Ensure that there are no devices along the path (like your VPN or Azure Firewall) that have a lower MTU configuration which could lead to fragmentation and ultimately force a lower MTU setting.
- Verify MTU Settings on VMs:
  - For Azure VMs, the default MTU is typically set to 1500, but you have the ability to increase it. Based on your setup, make sure that the MTU settings are consistently configured across all involved systems.
  - You can check the current MTU value on Windows using PowerShell:
        Get-NetIPInterface
  - To set a specific MTU value, use:
        Set-NetIPInterface -InterfaceAlias "Ethernet" -NlMtuBytes 3892
    Be sure to replace the MTU value with what’s appropriate for your configuration.
- Path MTU Discovery: Use tools like Test-Connection to diagnose path MTU issues. This will help confirm what the effective MTU is across the path:
      Test-Connection -TargetName <DestinationIP> -MtuSize
- Check Connections and Firewalls: Make sure there are no firewall rules that might be limiting traffic, causing packet fragmentation. Also, check the VM network configuration, ensuring the correct IP address and subnet mask are in use, and the right distributed port group is assigned.
- Consider Network Extensions: If you are using HCX network extensions, verify their MTU settings. Misconfigured MTUs here can also lead to that connectivity loss you're experiencing.
Make sure to apply and test these changes during a maintenance window to avoid disruption.
If you're still facing issues after these checks, here are some follow-up questions that could help gather more details:
- Have you modified any settings recently on the Azure Firewall or the VPN that might correlate with when the drops began?
- Can you confirm if other VMs in AVS also experience similar issues, or is it isolated to specific instances?
- Did you perform any recent maintenance or changes to the routing tables or security groups that could impact connectivity?
- Are there any specific applications or services on the VMs that are particularly sensitive to MTU changes?
- Relevant Documentation:
- Configure Maximum Transmission Unit (MTU) for virtual machines in Azure
- Create HCX network extension
- HCX Site Pair connectivity diagnostics
Hope this helps! Please let me know if you have any queries in comments.
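
The path MTU check described in the answer above, as an added example that is not part of the original answer: a PowerShell function that binary-searches the largest ICMP echo payload that crosses the path with the Don't Fragment bit set. The name Get-PathMtu, its parameters and defaults are hypothetical, and it assumes ICMP echo is permitted end to end.

```powershell
# Added example (not from the original answer). Get-PathMtu is a hypothetical name.
function Get-PathMtu {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Target,  # e.g. <DestinationIP> behind the VPN
        [int]$MinPayload = 548,                 # 576-byte minimum IPv4 datagram minus 28
        [int]$MaxPayload = 1472,                # 1500-byte Ethernet MTU minus 28
        [int]$TimeoutMs  = 2000,
        [int]$Retries    = 2                    # extra attempts before a timeout counts as "too big"
    )
    $overhead = 28  # 20-byte IPv4 header + 8-byte ICMP header
    $ping     = [System.Net.NetworkInformation.Ping]::new()
    # TTL 64, DontFragment = $true: oversized probes are dropped instead of fragmented.
    $options  = [System.Net.NetworkInformation.PingOptions]::new(64, $true)

    # Returns $true when a payload of $size bytes gets an echo reply unfragmented.
    $probe = {
        param([int]$size)
        $buffer = [byte[]]::new($size)
        for ($i = 0; $i -le $Retries; $i++) {
            $reply = $ping.Send($Target, $TimeoutMs, $buffer, $options)
            if ($reply.Status -eq 'Success')      { return $true }
            if ($reply.Status -eq 'PacketTooBig') { return $false }
            # Any other status (usually TimedOut) may be loss or a silent drop: retry.
        }
        return $false
    }

    try {
        if (-not (& $probe $MinPayload)) {
            throw "No reply from $Target at $MinPayload bytes; ICMP may be blocked on the path."
        }
        $low = $MinPayload; $high = $MaxPayload
        while ($low -lt $high) {
            $mid = [int][math]::Ceiling(($low + $high) / 2)
            if (& $probe $mid) { $low = $mid } else { $high = $mid - 1 }
        }
        [pscustomobject]@{
            Target     = $Target
            MaxPayload = $low               # largest payload that passed with DF set
            PathMtu    = $low + $overhead   # effective MTU along the path
        }
    }
    finally { $ping.Dispose() }
}
```

Running it toward hosts before and after the VPN and the firewall in turn shows at which hop the reported PathMtu drops. A device that discards oversized packets without returning an ICMP error shows up as timeouts, which the function treats as "too big" after its retries.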