[c-nsp] Packet Fragmentation

Brian Christopher Raaen mailing-lists at brianraaen.com
Thu Feb 12 15:06:20 EST 2015


This is site-to-site with third parties, where I cannot change the far
side MTU to account for the tunnel overhead.  The issue is incoming and not
outgoing traffic so I have fewer options.  While the tunnels are UDP
based, the traffic in the tunnel is also UDP so MSS doesn't work.  Also,
PMTUD is not supported by the end devices.

On Thu, Feb 12, 2015 at 2:15 PM, Roland Dobbins <rdobbins at arbor.net> wrote:

> On 13 Feb 2015, at 1:45, Brian Christopher Raaen wrote:
>
>> The fragmentation is unavoidable as this involves VPNs and the
>> applications can't be adjusted to try smaller sized frames.
>>
>
> If you're using the router as a VPN concentrator for users and you're
> talking about fragmentation of in-tunnel traffic, you should be able to
> adjust the MTU and/or MSS for the software clients connecting to the VPN
> concentrator downwards in order to account for tunnel overhead.
>
> If you're using the router for a site-to-site VPN, you can adjust the MTU
> downwards for the relevant interface(s) on the relevant router(s) to
> account for tunnel overhead.
>
> Jared was talking about the MSS of TCP traffic encapsulated within the
> tunnels, not the tunnel traffic itself (IPSEC wrapped in UDP/10000?).
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>



-- 
Brian Christopher Raaen
Network Architect
Zcorum

