[nsp] ICMP: time exceeded (reassembly)

Victor Sudakov sudakov at sibptus.tomsk.ru
Wed Feb 4 01:05:32 EST 2004


Hani Mustafa wrote:
> 
> > Usually router doesn't do fragmentation of TCP because vast majority of any
> > type of hosts send packets with DF bit =1
> >
> > I don't understand how changing of encapsulation from GRE to IPIP would stop
> > frag/defrag.
> 
> A very blind guess here: but per RFC 2003, IP-IP mandates that the tunnel entry point contact the originating host about various errors (check section 4). GRE however does not enforce that (check Appendix, RFC 2784). This might explain why IPIP worked and not GRE.
> 
> I'm not sure about cisco's implementation, though. 
> 
> > However IP MTU for IPIP is 1480 and for GRE 1476
> 
> Caveat: if you're using a GRE key, it should become 1472.
> 
> A couple of packet dumps from various points could help in
> pin-pointing the problem. Also, do you know exactly what type of
> links the GRE packets traverse?

Ethernet over fiber. The in-transit MTU is nowhere less than 1500.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN


More information about the cisco-nsp mailing list