MTU 1524 on GRE Tunnels (13 of 30)

When I first came across this configuration I was confused as to how it was handling either UDP packets of 1500 bytes or TCP packets where PMTUD failed, as either an ICMP issue, or an issue where TCP did not correctly address PMTUD issues.

interface Tunnel10
ip address 10.100.100.1 255.255.255.252
ip mtu 1524
ip tcp adjust-mss 1352
tunnel source Loopback1
tunnel destination 10.10.10.10

The traditional method for fixing this issue would be to clear the df bit, set the MSS as you would normally, and lower the MTU. In both situations, if packets of 1500 bytes come, they will fragment that packet, however in the clear df bit situation the edge will see that it was fragmented, whereas with raising the MTU on the tunnel, the fragmentation will only happen between the two GRE tunnel endpoints. The end user would not see the packet fragmented, since it was only the tunnel that was fragmented not the original source and destination.

It’s always important to know multiple ways to solve a problem, and to understand new configs as you come across them. I know I didn’t understand these configurations when I first saw them.

You can find more here.

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>