[c-nsp] What MTU for Bellsouth BBG / BRAS <-> LNS l2TP tunnel?
Brian Feeny
signal at shreve.net
Fri Oct 29 12:37:02 EDT 2004
On Oct 29, 2004, at 7:51 AM, Gert Doering wrote:
> Hi,
>
> On Fri, Oct 29, 2004 at 07:28:03AM -0500, Brian Feeny wrote:
>> But still, the Link between myself and Bellsouth is only 1500, and
>> since this is the link on which
>> l2tp tunneling is being done, thats going to create a problem with it
>> being so low. I did a test, and
>> my LNS reports back to remote sites MTU of 1492, which sounds correct
>> for PMTU Discovery since
>> thats the PPPoE layer responding back its limit.
>
> That's the PPPoE limit, yes. Unfortunately, if you send 1492-byte
> packets, the L2TP packet will be too large, and the routers will need
> to fragment/defragment the "outer" packet, which costs lots of CPU.
Right, the 1492 packet will be too large. But, why doesn't the Redback
fragment the outer packet like you say it should? What I am saying is
that if DF is set its just dropping the packets, I wouldn't think the
outer
packet would care about the DF of the inner packet, but it seems too,
since with "ignore df-bit" all works, but without setting that flag,
anything
with DF bit is dropped. I follow your logic, if the 1492 is received,
its too
big once you add the the l2tp overhead, and should be fragmented, and
the worse thing you would think you have to deal with is the fact that
your causing unnecessary fragmentation and assembly. But what I am
seeing
is that max packet sizes with DF bit set the user does not receive. I
do realize
the outside l2tp tunnel is not involved in the inner packet stream as
far as DF
and other flags are concerned, but it almost seems like for whatever
reason
it doesnt fragment the packets, or maybe it does and that leads to
problems
on reassembly, but the packets never make it.
>
> One approach is to set the virtual-template MTU to 1454, to make sure
> that L2TP packets never need fragmentation. In this case, 1454 is also
> the MTU that will be discovered by PMTUd.
Does that really work though? I mean, if you set the PPP interface to
1454
do PPPoE routers negotiate that MTU or just still blatently set 1492.
In other
words, I am not sure the whole learning of MTU via PPP is something that
works well with PPPoE i may be wrong about this though. I under stand
this
reasoning however, and believe me I have tried it, and it didn't work
which is
why I mention this, your just making sure that you account for worst
case scenerio
of encapsulation/header/overhead. I do this by setting "ppp mtu 1454"
under the interface
which talks PPP to my customers, flapping there session (to re-run LCP
negotiation), and
stuff like Amazon (which insists on setting DF in all packets) don't
work.
>
> The best approach is to use PPPoA (no MTU issues) and carry L2TP over
> something that has a larger MTU - either Ethernet with switches and
> routers that can do that, or ATM / serial lines / ...
>
Isn't setting the L2TP link MTU between myself and Bellsouth an option
like
above with PPPoA? I mean if I increase the MTU on the L2TP link between
myself and Bellsouth, it wont have to fragment to go over the L2TP
link, and
then at the other end of the L2TP link it should output a packet that
should fit
fine onto the wire.......but please correct me if I am wrong.
I just don't know about the whole PPP learning its MTU thing, if that
really works
the way it should. If it does, then I guess the two options are
lowering the PPP link
MTU, or increasing the L2TP link MTU.
Brian
> [..]
>> Another "fix" that works, is to set "ip ignore-df bit" on the
>> Interface
>> on my LNS that terminates customers
>
> This is mostly a workaround for the problems with PMTUd and stupid
> firewall adminstrators. It won't help the L2TP fragmentation issue.
>
> Actually, it's a real mess in that case. A 1500 byte packet is
> fragmented
> into 1492+8 byte, and then the 1492+L2TP packet is fragmented
> *again*...
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
>
------------------------------------------------------------------------
------
Brian Feeny, CCIE #8036, CISSP e: signal at shreve.net
Network Engineer p: 318.213.4709
ShreveNet Inc. f: 318.221.6612
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20041029/194309e8/PGP.bin
More information about the cisco-nsp
mailing list