[c-nsp] Improve VPN performance by reducing MTU via DHCP?

Vinny Abello vinny at tellurian.com
Thu Jun 7 11:05:18 EDT 2007


It is advisable that you change the MSS value on the interface that
connects to the segment with your workstations. This is usually the
recommended way to achieve this.

On the interface:

ip tcp adjust-mss 1200

This is assuming an IOS-based device. If you have a PIX/ASA, you must
use the equivalent sysopt command.

or whatever value you want to set the maximum segment size to. The
default is usually 1460. If you know the overhead of the VPN, just
subtract that and set the result as your value. You probably want to set
it a little lower just in case an MTU problem on the transport between
VPN endpoints crops up at some point in time or something else
unexpectedly adds overhead to the tunnel. TAC frequently recommends 1200
in a lot of situations but that of course is not optimal and YMMV.

Vincent De Keyzer wrote:
> Hello list,
>
> our company is about to build a corporate European network over VPNs, and a
> colleague of mine read somewhere that VPN performance can be improved by
> changing the MTU of workstations (this seems to be an option of DHCP
> server). In this way, the encapsulated packets are not bigger than 1500
> bytes, and no fragmentation is required, hence improving performance.
>
> Does that sound good to you? Anybody ever tried this? Can you think of any
> side effect of changing the MTU of all PCs?
>
> Vincent

-- 

Vinny Abello
Network Engineer
vinny at tellurian.com
(973)940-6100
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of fear"
-- Mark Twain
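
Added example, not part of the original post: the "subtract the VPN overhead" step from the reply above, worked through for an IPv4 ESP tunnel-mode VPN, where cipher block padding makes the overhead depend on packet size. The cipher suites, their field sizes, and all function names are assumptions made for illustration; the thread does not say which VPN type is in use.

```python
# Added example (not from the post): largest TCP MSS that crosses an IPv4
# ESP tunnel-mode VPN unfragmented. Suite table and names are assumptions.
from dataclasses import dataclass

IPV4_HDR = 20     # IPv4 header, no options
TCP_HDR = 20      # TCP header, no options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length + next-header bytes

@dataclass(frozen=True)
class Suite:
    iv: int       # per-packet IV bytes
    block: int    # padding alignment in bytes
    icv: int      # integrity check value bytes

SUITES = {
    "aes-cbc/hmac-sha1-96": Suite(iv=16, block=16, icv=12),
    "3des-cbc/hmac-sha1-96": Suite(iv=8, block=8, icv=12),
    "aes-gcm-16": Suite(iv=8, block=4, icv=16),
}

def outer_size(inner: int, s: Suite, extra: int = 0) -> int:
    """Wire size of an inner IP packet after ESP tunnel-mode encapsulation.
    extra = further outer overhead, e.g. 8 for NAT-T UDP encapsulation."""
    padded = -(-(inner + ESP_TRAILER) // s.block) * s.block  # round up
    return IPV4_HDR + extra + ESP_HDR + s.iv + padded + s.icv

def max_inner_mtu(path_mtu: int, s: Suite, extra: int = 0) -> int:
    """Largest inner packet whose encapsulated form fits in path_mtu."""
    inner = path_mtu
    while inner > 0 and outer_size(inner, s, extra) > path_mtu:
        inner -= 1
    return inner

def clamp_mss(path_mtu: int, suite: str, extra: int = 0, headroom: int = 0) -> int:
    """MSS to configure: inner MTU minus IP/TCP headers and a safety margin."""
    mss = max_inner_mtu(path_mtu, SUITES[suite], extra) - IPV4_HDR - TCP_HDR - headroom
    if mss <= 0:
        raise ValueError("path MTU too small for this encapsulation")
    return mss

if __name__ == "__main__":
    for name in SUITES:
        print(f"{name:24s} mss={clamp_mss(1500, name)} "
              f"nat-t mss={clamp_mss(1500, name, extra=8)}")
```

The headroom argument models the reply's advice to set the value a little lower than the computed maximum.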

