[c-nsp] L2TPv3 and VLANs

Benny Amorsen benny+usenet at amorsen.dk
Fri Jun 19 04:41:12 EDT 2009


"Paul Stewart" <paul at paulstewart.org> writes:

> On a related note to the PS below... we have tested l2tpv3 on a few
> different boxes running various IOS images and on each of the devices we did
> test we saw the same behavior.  This means something is either broken in the
> code in my opinion or that we are doing something wrong.  Typically that
> means the second option in our case (lol) but I did get a fair amount of
> feedback offline from folks with similar problems....;)

Generally problems with PMTU are caused by people blocking ICMP in their
(usually PIX/ASA) firewalls. If you control the whole path, you can make
sure that you're not one of the culprits.

On the other hand, if you're trying to reach the Internet through
tunnels with non-1500-byte MTU, you'll just have to accept that it won't
work. You can MSS adjust for TCP traffic though or you can lower your
interface or route MTU as workarounds. The only real fix is either
PIX/ASA administrators getting a clue, or Cisco getting a clue. Not
particularly likely.


/Benny

(Yes, I'm bitter.)
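
The failure mode and the MSS workaround described in the reply above, as an added example that is not part of the original post. It is a toy model: the hop MTUs, the 1460-byte tunnel MTU and the 1420-byte clamp value are constructed assumptions, not figures from the thread.

```python
"""Toy model of path MTU discovery across a reduced-MTU tunnel (constructed values)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

IP_TCP_HEADERS = 40  # IPv4 (20) + TCP (20), no options


@dataclass
class Hop:
    mtu: int                          # largest IP packet this hop forwards
    drops_icmp: bool = False          # a firewall here filters ICMP "fragmentation needed"
    clamp_mss: Optional[int] = None   # MSS rewritten into TCP SYNs crossing this hop


def negotiated_mss(path: List[Hop], sender_mtu: int = 1500) -> int:
    """MSS the peers end up with after the SYN crosses every clamping hop."""
    mss = sender_mtu - IP_TCP_HEADERS
    for hop in path:
        if hop.clamp_mss is not None:
            mss = min(mss, hop.clamp_mss)
    return mss


def send_df_packet(path: List[Hop], size: int) -> Tuple[str, int]:
    """Send a DF-flagged packet, shrinking on each ICMP that arrives.

    Returns (outcome, final packet size).
    """
    while True:
        for i, hop in enumerate(path):
            if size > hop.mtu:
                # This hop answers with ICMP type 3 code 4 carrying its MTU.
                # The ICMP has to cross hops 0..i-1 on its way back.
                if any(h.drops_icmp for h in path[:i]):
                    return "blackhole", size  # sender keeps retransmitting this size
                size = hop.mtu                # sender lowers its path MTU estimate
                break
        else:
            return "delivered", size


# Constructed paths: a 1500-byte LAN hop followed by a tunnel assumed to carry 1460.
OPEN = [Hop(1500), Hop(1460)]
FILTERED = [Hop(1500, drops_icmp=True), Hop(1460)]
CLAMPED = [Hop(1500, drops_icmp=True, clamp_mss=1420), Hop(1460)]

if __name__ == "__main__":
    for name, path in (("open", OPEN), ("filtered", FILTERED), ("clamped", CLAMPED)):
        tcp = send_df_packet(path, negotiated_mss(path) + IP_TCP_HEADERS)
        other = send_df_packet(path, 1500)  # full-size non-TCP packet, unaffected by clamping
        print(f"{name:9s} tcp={tcp} non-tcp={other}")
```

In the clamped case TCP gets through because its segments never exceed the tunnel MTU, while a full-size non-TCP packet still disappears, since the clamp only rewrites TCP SYNs.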

