|
|
|
|
01-06-2006, 09:03 PM
|
#1 |
MTU sizes and reasons
Hi all,
I "inherited" a router setup that has a VPN connection to one of our remote sites. I am at a loss to understand why the old administrator used the MTU that he did, and I hope someone here can explain it to me. This router has a frame-relay connection to the internet (MTU 1500) with a VPN Tunnel that has the IP MTP set to 1600. Shouldn't that be somewhere closer to 1460? Thanks, -Zach Config follows: interface Tunnel0 bandwidth 1536 ip address 192.168.X.X 255.255.255.252 ip mtu 1600 ip ospf message-digest-key 1 md5 7 AEFF2234234079BCDE3 tunnel source 157.130.X.X tunnel destination 157.130.X.X crypto map gre interface Serial0/0 no ip address encapsulation frame-relay IETF no fair-queue frame-relay lmi-type ansi ! interface Serial0/0.1 point-to-point bandwidth 1536 ip address 157.130.X.X 255.255.255.252 ip access-group AccessIn in no cdp enable frame-relay interface-dlci 666 IETF crypto map gre Zach Malmgren |
|
|
|
01-07-2006, 07:17 PM
|
#2 |
|
Posts: n/a
|
Re: MTU sizes and reasons
Hi Zach,
MTU size 1600 is too high. In most cases it will cause a fragmentation and, as a result, lower performance. If you want to check the maximum MTU possible for your end-to-end connectivity, you could play with the PING, trying to vary the size of the packet with "do-not-fragment" option set up. Windows command line should look like "ping -f -l <size> <destination>". Start with the packet size 1600, and then decrease it untill you get the response. Good luck, Mike www.headsetadapter.com "Zach Malmgren" <> wrote in message news: ups.com... > Hi all, > > I "inherited" a router setup that has a VPN connection to one of our > remote sites. I am at a loss to understand why the old administrator > used the MTU that he did, and I hope someone here can explain it to me. > This router has a frame-relay connection to the internet (MTU 1500) > with a VPN Tunnel that has the IP MTP set to 1600. Shouldn't that be > somewhere closer to 1460? > > Thanks, > -Zach > > Config follows: > interface Tunnel0 > bandwidth 1536 > ip address 192.168.X.X 255.255.255.252 > ip mtu 1600 > ip ospf message-digest-key 1 md5 7 AEFF2234234079BCDE3 > tunnel source 157.130.X.X > tunnel destination 157.130.X.X > crypto map gre > > interface Serial0/0 > no ip address > encapsulation frame-relay IETF > no fair-queue > frame-relay lmi-type ansi > ! > interface Serial0/0.1 point-to-point > bandwidth 1536 > ip address 157.130.X.X 255.255.255.252 > ip access-group AccessIn in > no cdp enable > frame-relay interface-dlci 666 IETF > crypto map gre > CiscoHeadsetAdapter.com |
|
|
|
01-07-2006, 07:44 PM
|
#3 |
|
Posts: n/a
|
Re: MTU sizes and reasons
CiscoHeadsetAdapter.com wrote:
> Hi Zach, > > MTU size 1600 is too high. In most cases it will cause a fragmentation > and, as a result, lower performance. If you want to check the maximum > MTU possible for your end-to-end connectivity, you could play with the > PING, trying to vary the size of the packet with "do-not-fragment" > option set up. Windows command line should look like "ping -f -l > <size> <destination>". Start with the packet size 1600, and then > decrease it untill you get the response. > Please do not top post. First, it's on a tunnel so a size bigger than a normal max packet size is required if fragmentation is to be avoided, secondly, it's only liable to have an impact for traffic which is sourced directly from the router and going out over the tunnel. Whoever installed it, could have worked out the additional overhead and slapped it on. B > > "Zach Malmgren" <> wrote in message > news: ups.com... >> Hi all, >> >> I "inherited" a router setup that has a VPN connection to one of our >> remote sites. I am at a loss to understand why the old administrator >> used the MTU that he did, and I hope someone here can explain it to >> me. This router has a frame-relay connection to the internet (MTU >> 1500) with a VPN Tunnel that has the IP MTP set to 1600. Shouldn't >> that be somewhere closer to 1460? >> Config follows: >> interface Tunnel0 >> bandwidth 1536 >> ip address 192.168.X.X 255.255.255.252 >> ip mtu 1600 >> ip ospf message-digest-key 1 md5 7 AEFF2234234079BCDE3 >> tunnel source 157.130.X.X >> tunnel destination 157.130.X.X >> crypto map gre >> >> interface Serial0/0 >> no ip address >> encapsulation frame-relay IETF >> no fair-queue >> frame-relay lmi-type ansi >> ! >> interface Serial0/0.1 point-to-point >> bandwidth 1536 >> ip address 157.130.X.X 255.255.255.252 >> ip access-group AccessIn in >> no cdp enable >> frame-relay interface-dlci 666 IETF >> crypto map gre >> -- http://www.mailtrap.org.uk/ Bob Goddard |
|
|
|
01-08-2006, 10:32 AM
|
#4 |
|
Posts: n/a
|
Re: MTU sizes and reasons
Any tunnel MTU size htat is greater than any interface MTU in the path including the outgoing egress interface will result in fragementation. That may be why it is called Maximum Transmission Unit ... Merv |
|
|
|
01-08-2006, 07:40 PM
|
#5 |
|
Posts: n/a
|
Re: MTU sizes and reasons
|
|
|
|
01-09-2006, 01:42 AM
|
#6 |
|
Posts: n/a
|
Re: MTU sizes and reasons
Having a Tunnel MTU greater than the outgoing interface physical MTU
can result in fragmentation. See Cisco doc on pre-fragmentation: http://www.cisco.com/en/US/products/...080115533.html Merv |
|
|
|
11-04-2009, 03:56 AM
|
#7 |
|
Member
Join Date: Jun 2009
Location: USA
Posts: 67
|
F.Y.I. Transit path on ISP site has bigger than 2000(at least) MTU set. It is perfactly making sense end node is default 1500.
MTU size for VPN should be smaller than 1500 for better throughput Sharing Cisco Expertise : CiscoNET.com theapplebee |
|
|
