Query...MTU size of physical int vs tunnel int

r_durantr_durant Member Posts: 486 ■■■□□□□□□□
Hi Guys,

My first post in the CCNP forum and I'm not sure if here is the right place for the query, but nonetheless...

I have a GRE tunnel configure between 2 x 2801 routers, running over a MetroE link...

The MTU size on the physical interface F0/0 is 1500 bytes and the MTU size on the Tunnel interface is 1476 bytes...

My query is, would this mismatch in size cause any problems? Note that none of the MTU sizes have been manually configured (yet)...

I did notice when I ran a debug ip packet, the following...and I'm not sure if this is related
*Nov 18 14:49:49.471: IP: s=192.168.0.2 (Null0), d=192.168.0.6 (FastEthernet0/0), len 1500, sending fragment
*Nov 18 14:49:49.471: IP: s=192.168.0.2 (Null0), d=192.168.0.6 (FastEthernet0/0), len 48, sending last fragment
It's difficult to determine if there is a problem on the link right now because of the lack of traffic traversing the link...however, this setup was working for the previous WAN link, which was a wireless link...I switched over to MetroE yesterday.

Let me know if you guys need anymore info...

Thanks,
Ryan
CCNA (Expired...), MCSE, CWNA, BSc Computer Science
Working on renewing CCNA!

Comments

  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    When the GRE/IP headers are being added, the packet is growing larger than 1500 bytes which causes the router to fragment the packet. The second fragment needs an additional IP header (duplicated from the new IP/GRE header) to traverse the tunnel, that is why the second one is 48 bytes long.

    Original packet 1500 bytes plus the 24 byte GRE/IP header = 1524, too large for the ethernet interface so fragment, 1 1500 byte fragment(already have the IP/GRE header) then a 24 byte fragment (no IP/GRE header) add the new 24 byte IP/GRE header and you get 48 bytes for the second fragment.

    To get rid of the fragments, the hosts would need to reduce their MTU by 24 bytes.
    The only easy day was yesterday!
  • r_durantr_durant Member Posts: 486 ■■■□□□□□□□
    Gotcha...

    Depending on which is more/less feasible (decreasing the size on the host or increasing the size on the routers)...Can the MTU size on the routers be increased instead? What would be the drawbacks of this?
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    You can only increase the MTU on the routers if the provider will carry the larger frames.

    Just out of curiousity, why the GRE tunnel over the Metro Ethernet link? The provider should be isolating your traffic between the routers already.
    The only easy day was yesterday!
  • r_durantr_durant Member Posts: 486 ■■■□□□□□□□
    Ok, I'd have to check with the provider on that...

    My company prefers to do it's own isolation and encryption...the provider did indicate that the traffic is isolated and that they can encrypt the links as well, but hey...

    But I guess it's because of how they have arranged it with the provider...It's so strange, and cost-ineffective...we have (new) 2801 routers at each location, however the provider has "provided" a router as well, a 2811...so it's our 2801 --> their 2811 --> MetroE WAN...I would have assumed we could have just plugged ours into their termination device...there goes my bonus!!

    So, within their isolation, we're isolating as well...
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Yeah you're really just adding another layer of complexity you don't need. The GRE tunnel isn't encrypted (although it can be) so if the intention was to provide encryption you will need to implement IPSec also.

    As for the bonus, just sell the 2801's on ebay and pocket the money icon_wink.gif
    The only easy day was yesterday!
  • r_durantr_durant Member Posts: 486 ■■■□□□□□□□
    Yea, we're using IPSec as well...

    The ebay thing is not a bad idea, I'm not greedy...about 2 should be fine for now... :D
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
Sign In or Register to comment.