[c-nsp] MTU woes with tunnels
Adrian Chadd
adrian at creative.net.au
Fri Mar 16 11:31:43 EST 2007
On Fri, Mar 16, 2007, Mattias Eliasson wrote:
> Hi all
>
> We have a problem where all MTU settings were working before reboot of
> the hub.
> Now (after reboot) some sites are unreachable from Windows clients and
> I can't seem to resolve the issue.
>
> All equipment is Cisco except the NAT router, which is a Linksys (though
> one end point is PIX and has the same issue).
> Changing the MTU on the NATs does nothing.
Not that this is an answer to your specific case, but most tunnel problems
like this stem from PMTU breaking down somewhere. It's either due to an L2
drop (no ICMP frag required message is queued) or an L3 drop but filtered
ICMP somewhere along the path.
Try "ip tcp adjust-mss <something smaller than mtu - 20>" to force
the TCP MSS to be smaller than the MTU. Much smaller; try something
like 576. If this resolves the issue then you should start sniffing
around for ICMP or L2-path issues.
HTH,
Adrian
>
> Topology is something like this:
>
> 6503/Sup32 ----------[ tunnel0 ]---------- 1801 ----- NAT
> |
> |
> ------------------------[tunnel1]--------------
>
> Where tunnel0 is over our net and tunnel1 is over the internet for
> fallback.
>
>
> *********************************************************
>
> HUB conf
>
> interface Loopback1
> description FastIP GRE source interface 1
> ip address xxxxxxxxxxx yyyyyyyyyyyyyy
> !
> interface Loopback2
> description FastIP GRE source interface 2
> ip address 8xxxxxxxxxxx yyyyyyyyyyyyyy
> !
> interface Tunnel100
> description FastIP GRE Primary
> bandwidth 10000
> ip address xxxxxxxxxxx yyyyyyyyyyyyyy
> no ip redirects
> ip mtu 1472
> ip nhrp map multicast dynamic
> ip nhrp network-id 100
> ip nhrp holdtime 300
> no ip mroute-cache
> ip ospf network broadcast
> ip ospf cost 10
> ip ospf mtu-ignore
> delay 1000
> tunnel source Loopback1
> tunnel mode gre multipoint
> !
> interface Tunnel101
> description FastIP GRE Secondary
> bandwidth 10000
> ip address xxxxxxxxxxx yyyyyyyyyyyyyy
> no ip redirects
> ip mtu 1472
> ip nhrp map multicast dynamic
> ip nhrp network-id 101
> ip nhrp holdtime 300
> no ip mroute-cache
> ip ospf network broadcast
> ip ospf cost 20
> ip ospf mtu-ignore
> delay 1000
> tunnel source Loopback2
> tunnel mode gre multipoint
>
>
> *************************************************
> Spoke
>
> interface Tunnel0
> description GRE Primary
> ip address xxxxxxxxxxx yyyyyyyyyyyyyy
> no ip redirects
> ip mtu 1472
> ip nhrp map multicast dynamic
> ip nhrp map xxxxxxxxxxx yyyyyyyyyyyyyy
> ip nhrp map multicast zzzzzzzzzzzzz
> ip nhrp network-id 100
> ip nhrp holdtime 300
> ip nhrp nhs zzzzzzzzzzzzzzzz
> ip ospf network broadcast
> ip ospf cost 10
> ip ospf mtu-ignore
> delay 1000
> tunnel source Vlan2
> tunnel mode gre multipoint
> !
> interface Tunnel1
> description GRE Secondary
> ip address xxxxxxxxxxx yyyyyyyyyyyyyy
> no ip redirects
> ip mtu 1472
> ip nhrp map multicast dynamic
> ip nhrp map xxxxxxxxxxx yyyyyyyyyyyyyy
> ip nhrp map multicast zzzzzzzzzzzzz
> ip nhrp network-id 101
> ip nhrp holdtime 300
> ip nhrp nhs zzzzzzzzzzzzz
> ip ospf network broadcast
> ip ospf cost 20
> ip ospf mtu-ignore
> delay 1000
> tunnel source BVI1
> tunnel mode gre multipoint
>
>
>
> Thankful for any advice.
>
> Mattias Eliasson
> Omnitron
>
--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level bandwidth-capped VPSes available in WA -
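
A small model of the failure mode described in the reply above, as an added example that is not part of the original post: full-sized TCP segments with DF set cross a path, and path-MTU discovery only converges when the ICMP "frag required" message gets back to the sender. The hop names, the 1400-byte underlay MTU, the 1460-byte client MSS and the function names are assumptions made for illustration; 1472 and 576 are the values from the thread.

```python
from dataclasses import dataclass

IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options


@dataclass
class Hop:
    name: str
    mtu: int                    # largest IP packet the hop forwards unfragmented
    icmp_returned: bool = True  # False: no ICMP is generated (L2 drop) or it is filtered


def send_full_segment(path, client_mss, adjust_mss=None):
    """Send full-sized TCP segments with DF set; return (outcome, hop_name, final_mss)."""
    # "ip tcp adjust-mss" rewrites the MSS option in the SYN, capping the segment size.
    mss = min(client_mss, adjust_mss) if adjust_mss else client_mss
    for _ in range(len(path) + 1):          # each hop can force at most one reduction
        packet = mss + IP_TCP_HEADERS
        blocker = next((h for h in path if packet > h.mtu), None)
        if blocker is None:
            return ("delivered", None, mss)
        if not blocker.icmp_returned:
            # Sender never learns the smaller MTU and keeps retransmitting the same size.
            return ("blackhole", blocker.name, mss)
        mss = blocker.mtu - IP_TCP_HEADERS  # PMTUD: shrink to the MTU reported by the ICMP
    return ("gave-up", None, mss)


def constructed_path(underlay_icmp_returned):
    # Constructed sample path; 1472 is the "ip mtu" from the posted tunnel config,
    # the 1400-byte underlay hop is an assumption for illustration.
    return [
        Hop("lan", 1500),
        Hop("tunnel", 1472),
        Hop("underlay", 1400, icmp_returned=underlay_icmp_returned),
    ]


if __name__ == "__main__":
    for label, path, clamp in [
        ("PMTUD working", constructed_path(True), None),
        ("ICMP lost", constructed_path(False), None),
        ("ICMP lost, adjust-mss 576", constructed_path(False), 576),
    ]:
        print(f"{label:28s} -> {send_full_segment(path, 1460, clamp)}")
```

If the clamped case delivers while the unclamped one black-holes, the ICMP return path or an L2 segment is where to look, which is the diagnostic the reply proposes.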