CSM & don't fragment flag behaviour

v.kreisel · ‎11-21-2007

Hello,

I have some problems with large packets send from CSM VIP towards clients over

a GRE Tunnel with MTU 1400.

Some packets are send out with don't fragment flag set and some with unset flag.

Question1: is it possible to influence CSM don't fragment flag behaviour via configuration ?

Question2: is CSM able to react on ICMP type 3 code 4, in other words is CSM able to perform MTU path discovery ?

Would be happy about any answer.

Best regards

Volker Kreisel

Gilles Dufour · ‎11-21-2007

Volker,

the CSM itself does not set this flag or do PMTUD. It's the server behind the CSM that sets the flag or does PMTUD.

The CSM just passes what it receives to server or the client.

I would recommend to sniff the csm portchannel and filter on a client ip. You will see what is going on.

Also, if the traffic goes through the MSFC, you can use a policy-map to overrid the DF bit if you want.

Gilles.

v.kreisel · ‎11-21-2007

Gilles,

thanks for your hint with policy-map on MSFC.

I'll discuss with my server providers if

we turn off PMTUD and configure MTU with fix length 1400 or if we go for the MSFC solution.

Volker

v.kreisel · ‎11-23-2007

Gilles,

I think because of performance issues it makes sense to avoid fragmentation.

PMTUD is not working because ICMP(code3, type4) makes it only from tunnel to the CSM VIP and doesn't reach the server.

Is it possible to configure the CSM VIP in a

way that she can forward the ICMP packet to the right server ? (who send out a packet > 1400)

Volker