[c-nsp] Packet Fragmentation

Luan Nguyen lnguyen at opsource.net
Thu Feb 12 14:55:38 EST 2015


If you're lucky to have a provider like NTT, who supports 5000 MTU within
their backbone, for site to site vpn, you could just jack up your MTU
setting on all tunnel-related interfaces to say 5000 MTU and avoid
fragmentation altogether.

On Thu, Feb 12, 2015 at 2:15 PM, Roland Dobbins <rdobbins at arbor.net> wrote:

> On 13 Feb 2015, at 1:45, Brian Christopher Raaen wrote:
>
>  The fragmentation is unavoidable as this involves VPNs and the
>> applications can't be adjusted to try smaller sized frames.
>>
>
> If you're using the router as a VPN concentrator for users and you're
> talking about fragmentation of in-tunnel traffic, you should be able to
> adjust the MTU and/or MSS for the software clients connecting to the VPN
> concentrator downwards in order to account for tunnel overhead.
>
> If you're using the router for a site-to-site VPN, you can adjust the MTU
> downwards for the relevant interface(s) on the relevant router(s) to
> account for tunnel overhead.
>
> Jared was talking about the MSS of TCP traffic encapsulated within the
> tunnels, not the tunnel traffic itself (IPSEC wrapped in UDP/10000?).
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list