[c-nsp] GRE tunnels on 7600 Sup 3B and large UDP

Kevin Graham mahargk at gmail.com
Wed Apr 20 13:57:15 EDT 2005


On 4/20/05, Peter J. Welcher <pjw at netcraftsmen.net> wrote:
>
> One thought was we could PBR all UDP > 1476 say to Null0.

Assuming your endpoints are attempting PMTUD then you don't need to
PBR at all, just make sure you've set 'ip mtu' on the tunnel to 1476?
I haven't checked to see if it can be done in hardware on the 720, but
an extra safeguard (since you're already considering dumping these
packets altogether) would be to use a policy route-map to ensure that
df-bit is always set.

Alternatively, can you get support for jumbos from your MAN provider?

> Another debatable (which may apply to many vendors) is whether
> hardware tunnel encapsulation does any good if fragmentation isn't
> handled efficiently.

Though it does strike me as a nasty problem to deal with, given the
attention to ipsec acceleration and hardware tunnel encapsulation, I
am surprised that fragmentation is still handled so inefficiently...
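
The tunnel 'ip mtu' setting and the df-bit route-map suggested in the reply above could look like the following IOS configuration. This is an added example, not configuration from the original post; the interface names, addresses, ACL number and route-map name are assumptions, and whether the policy route-map is handled in hardware on the Sup720 is not established here.

```cisco
! Added example (not from the original post). All names and addresses are assumed.
!
! GRE over IPv4 adds 24 bytes (20-byte outer IP header + 4-byte GRE header),
! so a 1500-byte path leaves 1500 - 24 = 1476 bytes for the inner packet.
interface Tunnel0
 ip address 192.0.2.1 255.255.255.252
 ip mtu 1476
 tunnel source Loopback0
 tunnel destination 198.51.100.2
!
! Match all IP traffic entering from the LAN side.
access-list 101 permit ip any any
!
! Force DF=1 so oversized packets are dropped with an ICMP
! "fragmentation needed" reply instead of being fragmented by the router.
route-map SET-DF permit 10
 match ip address 101
 set ip df 1
!
interface GigabitEthernet1/1
 description LAN-facing ingress (assumed)
 ip policy route-map SET-DF
 ! PMTUD only works if the router may send ICMP unreachables back to the sender.
 ip unreachables
```

With DF forced on, a sender that ignores the ICMP unreachable (type 3, code 4) simply loses every datagram larger than 1476 bytes, so check that those ICMP messages are not filtered between the router and the endpoints.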


