When you’re routing traffic from an unlabeled network (using plain IP) over a network where sensitivity labels are added to the packets using CIPSO headers this may cause problems: space used by the labels is no longer available for the payload, so the packets need to be made a bit smaller.
This shouldn’t be a problem as that’s what fragmentation is for.
Sadly enough some systems set the “Don’t Fragment” bit and fail to handle any “ICMP fragmentation required” packets that may get sent as a result, causing the router between the unlabeled and the labeled networks to be unable to route the packets.
The jumbo frame support in many of the network drivers in Solaris provides an easy solution, permitting the packets on the labeled network to be made slightly bigger so they can accommodate the extra space needed for the labels:
ifconfig <interface> mtu 1512