[c-nsp] Packet Fragmentation
Roland Dobbins
rdobbins at arbor.net
Thu Feb 12 14:15:24 EST 2015
On 13 Feb 2015, at 1:45, Brian Christopher Raaen wrote:
> The fragmentation is unavoidable as this involves VPNs and the
> applications can't be adjusted to try smaller sized frames.
If you're using the router as a VPN concentrator for users and you're
talking about fragmentation of in-tunnel traffic, you should be able to
adjust the MTU and/or MSS for the software clients connecting to the VPN
concentrator downwards in order to account for tunnel overhead.
If you're using the router for a site-to-site VPN, you can adjust the
MTU downwards for the relevant interface(s) on the relevant router(s) to
account for tunnel overhead.
Jared was talking about the MSS of TCP traffic encapsulated within the
tunnels, not the tunnel traffic itself (IPSEC wrapped in UDP/10000?).
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the cisco-nsp
mailing list