[c-nsp] MTU settings/GRE tunnel

Masood Ahmad Shah masood at nexlinx.net.pk
Thu Sep 20 05:48:33 EDT 2007


Use 'ip tcp adjust-mss 1400' on a router seeing traffic in the clear to
force the MSS to 1400, so the IP datagram size is 1420 (of course 1400 is
just a guess); this will cover all TCP traffic.

Set ip mtu 1500 on the GRE tunnel interface (yes, 1500 bytes).

Reasoning:
- GRE encapsulation clears the DF bit UNLESS 'tunnel path-mtu-discovery'
  is set on the tunnel interface (if turned on, the tunnel MTU will be
  dynamically adjusted upon receipt of ICMP)
- IPsec encapsulation copies the DF bit and adjusts the path MTU upon receipt
  of ICMP UNLESS 'crypto ipsec df-bit clear/set' is configured in the crypto
  map
- The router will fragment when forwarding to any interface whose MTU is
  smaller than the received IP packet. This happens often when forwarding to a
  GRE tunnel whose MTU is 1476 by default...


The last point forces the router to drop all 1500-byte packets and to send
an ICMP message when a DF packet is received.


Regards,
Masood Ahmad Shah


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Kraal
Sent: Thursday, September 20, 2007 12:51 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] MTU settings/GRE tunnel

Dear all,

We are setting up tunnels within our network, and are using some previously
documented configurations for this. We will use this to enable virtual P2P
BGP sessions to isolate certain parts of our routing table.
Cheap, temporary, and fast.

interface Tunnel0
  ip address 192.168.100.9 255.255.255.252
  no ip unreachables
  no ip proxy-arp
  ip mtu 1524
  tunnel source Loopback1
  tunnel destination 10.10.10.10

Is there any information/advice/rule-of-thumb on setting the MTU size on the
tunnel interface?

Thanks in advance,

-nick/
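
A small model of the forwarding decisions described in the reply above, added here as an example and not part of either poster's message: it shows what reaches the wire for a packet routed into a GRE tunnel, given the tunnel 'ip mtu', the physical MTU and the DF bit. The function names, the option-free 20-byte IPv4 header and the 24-byte GRE overhead (consistent with the 1476 default) are assumptions; IPsec is not modelled.

```python
GRE_OVERHEAD = 24  # assumed: 20-byte outer IPv4 header + 4-byte GRE header (1500 - 24 = 1476)
IP_HEADER = 20     # assumed: IPv4 header without options


def fragment(total_len, mtu):
    """Split one IPv4 packet into fragment sizes; fragment data is a multiple of 8 bytes."""
    payload = total_len - IP_HEADER
    chunk = (mtu - IP_HEADER) // 8 * 8
    sizes = []
    while payload > 0:
        data = min(chunk, payload)
        sizes.append(data + IP_HEADER)
        payload -= data
    return sizes


def send_into_gre(pkt_len, df, tunnel_ip_mtu, phys_mtu, tunnel_pmtud=False):
    """Return (action, on-wire packet sizes) for one packet routed into the tunnel."""
    # Step 1: the inner packet is checked against the tunnel's 'ip mtu'.
    if pkt_len > tunnel_ip_mtu:
        if df:
            return ("drop, ICMP frag-needed mtu=%d" % tunnel_ip_mtu, [])
        inner = fragment(pkt_len, tunnel_ip_mtu)
        action = "fragment before GRE"
    else:
        inner = [pkt_len]
        action = "forward"
    # Step 2: GRE encapsulation. The outer DF bit is clear unless
    # 'tunnel path-mtu-discovery' copies it from the inner packet.
    outer_df = df and tunnel_pmtud
    wire = []
    for size in inner:
        outer = size + GRE_OVERHEAD
        if outer <= phys_mtu:
            wire.append(outer)
        elif outer_df:
            # Dropped on the path; the ICMP goes back to the tunnel source.
            return ("drop on path, outer DF set", [])
        else:
            wire.extend(fragment(outer, phys_mtu))
            action = "fragment after GRE"
    return (action, wire)
```

With 'ip mtu 1500' on the tunnel and a 1500-byte physical MTU, a full-size DF packet is no longer dropped at the tunnel: it is encapsulated with DF cleared and the 1524-byte GRE packet is fragmented instead.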