[c-nsp] DMVPN Rollout -- MTU questions

Joe Maimon jmaimon at ttec.com
Fri May 23 10:42:17 EDT 2008



John Kougoulos wrote:
> 
> On Thu, 22 May 2008, Eric Cables wrote:
> 
>> The above, however, doesn't seem to work in some cases.  Users at these
>> sites complain of intermittent connectivity problems, which seem to be
>> solved rather quickly by reducing the IP MTU, and configuring TCP
>> adjust-mss.  I do have concern as to why PMTUD isn't working as expected
>> (sending ICMP unreachables to the client to adjust their MTU accordingly),
>> and exactly what values to set both IP MTU to, as well as TCP adjust-mss,
>> assuming it's necessary.
>>
> 
> unless you have lots of large UDP packets (near 1500 bytes), I prefer to 
> use "ip mtu 1500" on tunnel interface, with "ip tcp adjust-mss 1360", 
> or something similar.
> 
> This way TCP packets don't go over 1400 bytes and the service is MTU 
> transparent. Of course you will have fragmentation in case of large 
> non-TCP packets, but let's hope/assume that these will not be too many....
> 
> Best Regards,
> John


I like that solution as well, except for when the router doesn't actually 
fragment and transmit but drops instead. Then it's worse. Yes, probably 
a bug.

Furthermore, there really should be a way to correlate tunnel pmtud and 
tcp adjust-mss and for them to be in lockstep.

Original PMTUD is a stupid protocol hack that relies on producing and 
detecting error conditions for proper operation, which in my book is a 
real design no-no, and now we have all been paying the price for years.

Thanks to that bone-headedness we have effectively lost a good deal of 
the "inter" part of the internet protocol.

It was supposed to mean that the protocol works across different 
networks. Now it's effectively ethernet or ethernet-like only + hacks.
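
The sizing quoted above (adjust-mss 1360, so TCP packets stay at 1400 bytes while large non-TCP packets fragment) can be checked with the following added example, which is not part of the thread. It assumes GRE with a tunnel key protected by ESP using AES-CBC and HMAC-SHA1-96 over a 1500-byte path; none of these parameters are stated in the posts, and the function names are illustrative.

```python
# Added example: assumed encapsulation is GRE with a tunnel key inside ESP
# (AES-CBC + HMAC-SHA1-96). None of these choices are stated in the thread.
IP_HDR = 20        # IPv4 header, no options
TCP_HDR = 20       # TCP header, no options
GRE_HDR = 8        # 4-byte GRE header + 4-byte tunnel key (assumed)
ESP_HDR = 8        # SPI + sequence number
ESP_IV = 16        # AES-CBC IV (assumed cipher)
ESP_BLOCK = 16     # AES block size; ESP pads the plaintext to this
ESP_TRAILER = 2    # pad-length + next-header bytes
ESP_ICV = 12       # HMAC-SHA1-96 (assumed integrity algorithm)


def encapsulated_size(inner_ip_len, tunnel_mode=False):
    """Size on the wire of one inner IP packet after GRE + ESP."""
    # Transport mode: ESP protects GRE directly behind the delivery header.
    # Tunnel mode: the GRE delivery IP header is encrypted as well and a
    # further outer IP header is added.
    plaintext = GRE_HDR + inner_ip_len + ESP_TRAILER
    if tunnel_mode:
        plaintext += IP_HDR
    padded = -(-plaintext // ESP_BLOCK) * ESP_BLOCK  # round up to a block
    return IP_HDR + ESP_HDR + ESP_IV + padded + ESP_ICV


def needs_fragmentation(inner_ip_len, path_mtu=1500, tunnel_mode=False):
    """True when the encapsulated packet exceeds the path MTU."""
    return encapsulated_size(inner_ip_len, tunnel_mode) > path_mtu


def max_mss(path_mtu=1500, tunnel_mode=False):
    """Largest TCP MSS whose full-size segment still fits unfragmented."""
    inner = path_mtu
    while needs_fragmentation(inner, path_mtu, tunnel_mode):
        inner -= 1
    return inner - IP_HDR - TCP_HDR


if __name__ == "__main__":
    clamped = 1360 + IP_HDR + TCP_HDR  # adjust-mss 1360 -> 1400-byte packet
    for mode in (False, True):
        label = "tunnel" if mode else "transport"
        print(label,
              "| TCP 1400 ->", encapsulated_size(clamped, mode),
              "| UDP 1500 ->", encapsulated_size(1500, mode),
              "| max MSS:", max_mss(tunnel_mode=mode))
```

Under these assumptions a clamped 1400-byte TCP packet fits in both ESP modes, while a 1500-byte non-TCP packet exceeds the path MTU and depends on the router fragmenting it.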




