[c-nsp] MTU settings/GRE tunnel
Phil Mayers
p.mayers at imperial.ac.uk
Thu Sep 20 05:55:08 EDT 2007
On Thu, 2007-09-20 at 11:23 +0200, Karol Mares wrote:
> Hi,
>
> On 9/20/07, Nick Kraal <nick at arc.net.my> wrote:
> >
> > Dear all,
> >
> > We are setting up tunnels within our network, and are using some
> > previous documented configurations for this. We will use this to enable
> > virtual P2P BGP sessions to isolate certain parts of our routing table.
> > Cheap, temporary, and fast.
> >
> > interface Tunnel0
> > ip address 192.168.100.9 255.255.255.252
> > no ip unreachables
> > no ip proxy-arp
> > ip mtu 1524
> > tunnel source Loopback1
> > tunnel destination 10.10.10.10
> >
> > Is there any information/advice/rule-of-thumb on setting the MTU size on
> > the tunnel interface?
> >
> > Thanks in advance,
> >
> > -nick/
>
>
>
> I would use MTU of 1524 (IP MTU of 1500), so that you will not generate
> ICMP packets, and also if you are generating the GRE tunnel, use the tunnel
> PMTUD under tunnel interface.
A GRE-encapsulated packet has:
ip+gre+ip+payload
Minimal GRE is 4 bytes, adding sequence, key or (checksum or routing)
each add 4 bytes so GRE can be up to 16 bytes.
...so a full-size ip+payload of 1500 gives an maximum encapsulated
packet size of 1536. Probably it'll be 1524 though.
So, ideally set your physical interface ip mtu to 1536, physical mtu to
whatever IP overhead you have (e.g. 14 bytes on ethernet - 1550).
Reversing that; if you have ethernet interfaces stuck at mtu=1500, you
should set your tunnel ip mtu to 1450
Above, you've set the MTU on high on the tunnel interface; almost
certainly the wrong thing to do.
More information about the cisco-nsp
mailing list