[c-nsp] Packet Fragmentation
Gert Doering
gert at greenie.muc.de
Thu Feb 12 16:42:48 EST 2015
Hi,
On Thu, Feb 12, 2015 at 01:45:08PM -0500, Brian Christopher Raaen wrote:
> Currently, using Cisco 3800's. Unfortunately, because the traffic is UDP,
> mss adjust can't be used to adjust the frame size. The fragmentation is
> unavoidable as this involves VPNs and the applications can't be adjusted to
> try smaller sized frames.
"unavoidable" is such a strong word...
Like, just use bigger MTUs on the paths between the VPN routers, so the
VPN can carry full 1500 byte packets...
> Are there any documents that show the impact for each platform? I can find
> pps, throughput, etc... but nothing says how fragments impact things. My
> concern is that a larger router may not be any better in this particular
> regard than what I already have.
Fragmentation is usually not that bad, reassembly on the IPSEC endpoint is.
So your second best approach is to ensure that packets *in* the tunnel are
fragmented, so the reassembly is done on the receiving host, not the
VPN endpoint.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20150212/699013ba/attachment.sig>
More information about the cisco-nsp
mailing list