[cisco-bba] IOS upgrade kills Linksys

Krzysztof Adamski k at adamski.org
Tue Oct 19 13:23:46 EDT 2004 

For the archives.

Removing "ip mtu adjust" from the vpdn-group and restarting the tunnel
eliminated the LinkSys problem. I guess the only down side is that nobody
is negotiating an MTU of 1464 anymore, so there is going to be more
fragmentation. And fragmentation is the CPU killer.

K


 On Fri, 8 Oct 2004, Krzysztof Adamski wrote:

> I did not bring the tunnel down, so I guess I did not try it without the
> mtu adjust, but I have to many users on the tunnel to bounce it.
>
> K
>
> On Fri, 8 Oct 2004, Dennis Peng wrote:
>
> > If you remove it, it won't take effect until the entire L2TP tunnel
> > goes down and comes back up.
> >
> > Dennis
> >
> > Krzysztof Adamski [k at adamski.org] wrote:
> > > I did have "ip mtu adjust" and I removed it, but that did not help.
> > > The client has 5 locations, so far in one he upgraded the firmware on the
> > > linksys and that fixed it, but the other four are not working with the new
> > > firmware. At the second location he replaced the linksys with a gnet box,
> > > so far it is working, we will give some time to make sure that is the
> > > solution before the other locations are changed to gnet.
> > >
> > > Somebody here recommended that I add "qos pre-classify" to the
> > > virtual-template, that seem to fix a vpn between a linksys and netgear for
> > > a different customer, I'm really curios why.
> > >
> > > K
> > >
> > >  On Fri, 8 Oct 2004, Dennis Peng wrote:
> > >
> > > > Do you have "ip adjust mtu" under the VPDN group? That will change the
> > > > MTU automatically, but having a lower MTU can cause problems for some
> > > > applications. I usually recommend customers to remove it if they are
> > > > having MTU issues.
> > > >
> > > > Dennis
> > > >
> > > > Krzysztof Adamski [k at adamski.org] wrote:
> > > > > I upgrade my LNS from 12.2(12f) to 12.2(15)T14, and now some LinkSys boxes
> > > > > are showing weird behaviour. The LNS is doing PPPoE aggregation.
> > > > >  All the normal web access is working, but a VPN access to an exchange
> > > > > server is not. The VPN software is running on a PC behind the LinkSys. The
> > > > > VPN packets are encapsulated in UDP.
> > > > >  Not all VPN is the problem just the exchange traffic. Snooping the
> > > > > traffic it appears that the exchange is sending a 18k size UDP packet that
> > > > > is being fragmented. The size of each fragment is 1492 bytes. For some
> > > > > strange reason the MTU on the virtual-interface is 1464, this is how my
> > > > > virtual-template looks:
> > > > >
> > > > > interface Virtual-Template1
> > > > >  ip unnumbered FastEthernet1/0
> > > > >  no ip proxy-arp
> > > > >  mtu 1492
> > > > >  ip tcp adjust-mss 1300
> > > > >  no logging event link-status
> > > > >  peer default ip address pool ADSL
> > > > >  ppp authentication pap
> > > > >
> > > > > I have tried ip mtu 1492, mtu 1500, mtu 1464, even changing the MTU on the
> > > > > LinkSys to 1464 nothing helped.
> > > > >
> > > > > Any ideas what can be wrong?
> > > > >
> > > > > K
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > cisco-bba mailing list
> > > > > cisco-bba at puck.nether.net
> > > > > https://puck.nether.net/mailman/listinfo/cisco-bba
> > > >
> >
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>

More information about the cisco-bba mailing list