Pavel Gulchouck gul at gul.kiev.ua
Tue Sep 25 04:20:37 EDT 2007

On Tue, Sep 25, 2007 at 02:30:10PM +0800, Nick Kraal writes:
NK> Have you tried adjusting MSS on the tunnel interface:
NK> e.g. ip tcp adjust-mss 1400
NK> Also search [www.cisco.com] for PMTUD (watch the line wrap):
NK> http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

I want 1500-byte packets to go through all my ipsec-protected
gre tunnels without fragmentation. I have a big enough MTU on the SVI and
all physical interfaces between tunnel source and tunnel destination
for it, so I do not want to decrease tcp mss.
7200 and 3825 do what I want, but 6500/SPA-IPSEC-2G does not. :-(

I've just found CSCek57760 - exactly my problem. They say that it's
fixed in 12.2(18)SXF10 and 12.2(33)SHX, but I see the same symptoms
on 12.2(33)SXH. Any ideas about configuration parameters, or should I only
wait for future releases and bugfixes?

NK> Pavel Gulchouck wrote:
>> I set mtu on the physical interface and on the SVI to 4096, set
>> "ip mtu 1500" on the gre tunnel but with no luck: MTU on the tunnel
>> interface is 1514, and if I try to increase it the router responds:
>> "% Interface Tunnel2 does not support adjustable maximum datagram size".
>> Ping between tunnel source and tunnel dest with size 4096 and df
>> is ok, but all 1500-byte packets are fragmented while being encapsulated
>> into the gre tunnel.
>> 6500/sup720.
>> In addition I use ipsec (with SPA-IPSEC-2G), but MTU is unchangeable
>> for unprotected gre tunnels too. MTU on the virtual GE to the ipsec module
>> is 9216.
>> Big unfragmented packets from the remote router (7200) are successfully
>> received and decrypted.
>> Any suggestions?
>> Any suggestions?
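
The encapsulation arithmetic behind this thread, as an added example that is not part of the original posts: it computes the on-wire size of a 1500-byte packet after GRE and ESP and the largest inner packet that fits a given transport MTU (1500 and 4096 are the values from the thread). The thread does not state the IPsec transform set, so IPv4, a basic 4-byte GRE header, and ESP with AES-CBC and HMAC-SHA1-96 are assumptions.

```python
# Added example. Assumptions (not stated in the thread): IPv4 everywhere,
# a basic GRE header without key/sequence fields, and ESP using AES-CBC
# (16-byte block and IV) with a 12-byte HMAC-SHA1-96 integrity value.
IPV4 = 20         # IPv4 header without options
GRE = 4           # basic GRE header
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad length + next header
BLOCK = 16        # AES-CBC block size
IV = 16           # AES-CBC initialisation vector
ICV = 12          # HMAC-SHA1-96 integrity check value


def gre_size(inner):
    """Size of the GRE packet carrying an inner IP packet of `inner` bytes."""
    return inner + GRE + IPV4


def esp_size(packet, tunnel_mode=True):
    """Size after ESP. Tunnel mode encrypts the whole packet and adds a new
    IP header; transport mode keeps the IP header and encrypts the rest."""
    payload = packet if tunnel_mode else packet - IPV4
    # Payload plus trailer is padded up to a whole number of cipher blocks.
    padded = -(-(payload + ESP_TRAILER) // BLOCK) * BLOCK
    return IPV4 + ESP_HDR + IV + padded + ICV


def wire_size(inner, tunnel_mode=True):
    """On-wire size of an inner packet after GRE, then ESP."""
    return esp_size(gre_size(inner), tunnel_mode)


def max_inner(transport_mtu, tunnel_mode=True):
    """Largest inner packet that crosses `transport_mtu` unfragmented."""
    n = transport_mtu
    while n > 0 and wire_size(n, tunnel_mode) > transport_mtu:
        n -= 1
    return n


if __name__ == "__main__":
    for mode in (True, False):
        name = "tunnel" if mode else "transport"
        print(f"ESP {name} mode: 1500-byte packet -> {wire_size(1500, mode)} bytes on the wire")
        for mtu in (1500, 4096):
            print(f"  transport MTU {mtu}: largest unfragmented inner packet {max_inner(mtu, mode)}")
```

Under these assumptions a 1500-byte inner packet needs under 1600 bytes on the transport path, so a 4096-byte path MTU leaves ample room and the fragmentation described in the thread does not come from the path itself.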


