[nsp] MTU problem with GRE tunnels

From: philip bridge (bridge@ip-plus.net)
Date: Thu Jun 04 1998 - 14:36:48 EDT


I'm experiencing problems with fragmentation due to GRE tunnel overhead:
the way I understand it, the MTU if a GRE tunnel will always be less than
the MTU of the underlying IP cloud due to the IP encapsulation overhead (in
our case 1500 bytes). So 1500 byte packets attempting to traverse the tunnel
will be fragmented.

We're trying to use GRE tunnels extensivly in a VPN service offering, as
well as some other added-value Internet services, and it seems that there
is a lot of critical traffic out there with 1500 byte packets and
with the DF bit set. So it doesn't get through the VPN tunnels. The
critical packet length is 1472 bytes.

We see this on a variety of platforms (from 2500, 7507) and a variety of
IOS releases (11.1(18)CC, 11.1(2), 11.2(5).

Thinking about it, this problem is to be expected...but it seems to render
GRE tunnels unuseable in a VPN or Internet environment. But I know lots of
people are
using GRE for this or similar applications...so what am I missing here.

thanks in advance for help/tips

Phil

______________________________________________________________
Philip Bridge
++41 31 688 8262 bridge@ip-plus.net www.ip-plus.ch
PGP: DE78 06B7 ACDB CB56 CE88 6165 A73F B703






This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:14 EDT