CLOUDFLARE’S Dynamic Path MTU Discovery for the One Client shifts from a passive observer to an active participant in path discovery to tackle the PMTUD Black Hole problem. The approach probes MTUs by sending encrypted packets of varying sizes to the Cloudflare edge, testing from the upper bound of the supported range down to the midpoint, and then dynamically resizes the client’s virtual interface MTU on the fly as network conditions change.
It relies on the MASQUE protocol built on Cloudflare’s QUIC library to enable end-to-end interrogation of the path rather than awaiting ICMP feedback which may be blocked by firewalls or middleboxes. The system targets MTUs above 1281 bytes, accommodates connections from high-speed corporate backbones to restrictive cellular networks, and aims to keep sessions uninterrupted when users move between networks with different MTU limits.
Real-world scenarios highlighted include first responders and hybrid workers, where active discovery helps maintain stable connections during handoffs, NAT traversal, and varying network conditions. The feature is available to Cloudflare One Clients using MASQUE, and Cloudflare invites users to try Path MTU Discovery for free across Windows, macOS, and Linux.