01-23-2008 12:53 PM - edited 03-05-2019 08:40 PM
Anybody know the default mtu setting on a gre tunnel interface such as this?:
interface Tunnel1
description "xxx"
ip address x.x.x.x 255.255.255.252
tunnel source Loopback1
tunnel destination x.x.x.x
I'm asking cause on the core redundant to this one where I've copied code from, the config line 'ip mtu 1500' is configured. I want to make sure these are matched up.
Thanks in advance.
/rls
Solved! Go to Solution.
01-23-2008 09:33 PM
Robert,
Sorry, I spoke too soon. I should have focused on your question, which is "IP MTU" and referred you to the command "show ip interface Tu0" instead of "show interface tu0".
GRE packets are formed by the addition of the original packets and the required GRE
headers. These headers are 24-bytes in length and since these headers are added to the
original frame, depending on the original size of the packet we may run into IP MTU
problems.
Even though the maximum IP datagram has been defined as 64K, most links enforce a smaller
maximum size for the packets. This maximum size is known as MTU (Maximum Transmission
Unit) and as you also know, different types of media have different MTU sizes they can
accommodate and transport. The most common IP MTU is 1500-bytes in length (Ethernet).
The IP implementation, as we know it, provides a mechanism to allow routers the
fragmentation and transmission of packets larger if there are differences in the MTU and a
packet is larger than what the outgoing media will support. Once a packet has been
fragmented to be sent over a media that will not support the original packet size, the end
station is responsible for the reassembly of the different fragments the original packet
was broken into.
GRE tunnels normally calculate their IP MTU size based on the physical link they will use
as the outgoing interface.
What you see in âshow interface Gig Xâ is the MTU of the interface and NOT the IP MTU.
In order for you to see the IP MTU you need to use the âshow ip interface Gig Xâ
When the tunnel is created, it deducts the 24-bytes it needs to encapsulate the passenger
protocols and that is the IP MTU it will use.
For example, if we are forming a tunnel over FastEthernet (IP MTU 1500) the IOS calculates
the IP MTU on the tunnel as:
1500-bytes from Ethernet - 24-bytes for the GRE encapsulation = 1476-Bytes
Let me explain this with a simple set up:
Lets say I configure a Tunnel interface and sourcing it via a physical interface which has an MTU of 1500, then the Tunnel
interface will have IP MTU of 1476, leaving space for the 24 byte GRE Header.
In my case, I am sourcing the packets from Gig0/0 which has physical interface of MTU 1500, so when I do a "show ip int Tu0",
You will see that the IP MTU is 1476.
Router#sh run int gi0/0
Building configuration...
Current configuration : 118 bytes
!
interface GigabitEthernet0/0
ip address 10.89.245.253 255.255.255.0
duplex auto
speed auto
media-type rj45
end
Router#sh run int tu0
Building configuration...
Current configuration : 127 bytes
!
interface Tunnel0
ip address 1.1.1.1 255.255.255.252
tunnel source GigabitEthernet0/0
tunnel destination 10.89.245.1
end
Router#sh int gi 0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 10.89.245.253/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
Router#sh ip int tu 0
Tunnel0 is up, line protocol is up
Internet address is 1.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1476 bytes
Now, lets say I lower the IP MTU value on Gi0/0 to 1400, What should be the default new value on the tunnel interface?? You
are absolutely right, 1376 :-)
Router#sh run int gi0/0
Building configuration...
Current configuration : 131 bytes
!
interface GigabitEthernet0/0
ip address 10.89.245.253 255.255.255.0
ip mtu 1400
duplex auto
speed auto
media-type rj45
end
Router#sh ip int tu0
Tunnel0 is up, line protocol is up
Internet address is 1.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1376 bytes
Please standby.... More to follow in the second post due to character limitation
Regards,
Arul
** Please rate all helpful posts **
01-23-2008 02:03 PM
I believe this mtu should be 1476 i.e. 1500-24. 24 bytes are GRE overhead. However, depending upon MTU of interface tunnelled traffic is heading to, it could be 1500 as well.
Thanks.
01-23-2008 02:51 PM
The default for Tunnel interface is 1514. Please refer the below output from a lab router. You could very well run the same command on your chassis and confirm the default setting.
Router#sh int tu0
Tunnel0 is up, line protocol is down
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
The MTU of the tunnel interface must be less than that of the corresponding
physical interface. The Tunnel MTU is also set according to the MTU of the
"source" interface. You have to be careful if your source interface has a
higher MTU than that of the interfaces between the source and destination. The
fix or implementation of the following bug allows you to set the tunnel MTU:
CSCdk15279
Regards,
Arul
** Please rate if it helps **
01-23-2008 07:52 PM
Arul, thank you for the explanation however I have another question: what exactly is the 'ip mtu 1500' config doing? When I do a 'sho int t1' as I should have known to do(duh) I still the mtu setting at 1514 as you said. How is that?
/rls
01-23-2008 09:33 PM
Robert,
Sorry, I spoke too soon. I should have focused on your question, which is "IP MTU" and referred you to the command "show ip interface Tu0" instead of "show interface tu0".
GRE packets are formed by the addition of the original packets and the required GRE
headers. These headers are 24-bytes in length and since these headers are added to the
original frame, depending on the original size of the packet we may run into IP MTU
problems.
Even though the maximum IP datagram has been defined as 64K, most links enforce a smaller
maximum size for the packets. This maximum size is known as MTU (Maximum Transmission
Unit) and as you also know, different types of media have different MTU sizes they can
accommodate and transport. The most common IP MTU is 1500-bytes in length (Ethernet).
The IP implementation, as we know it, provides a mechanism to allow routers the
fragmentation and transmission of packets larger if there are differences in the MTU and a
packet is larger than what the outgoing media will support. Once a packet has been
fragmented to be sent over a media that will not support the original packet size, the end
station is responsible for the reassembly of the different fragments the original packet
was broken into.
GRE tunnels normally calculate their IP MTU size based on the physical link they will use
as the outgoing interface.
What you see in âshow interface Gig Xâ is the MTU of the interface and NOT the IP MTU.
In order for you to see the IP MTU you need to use the âshow ip interface Gig Xâ
When the tunnel is created, it deducts the 24-bytes it needs to encapsulate the passenger
protocols and that is the IP MTU it will use.
For example, if we are forming a tunnel over FastEthernet (IP MTU 1500) the IOS calculates
the IP MTU on the tunnel as:
1500-bytes from Ethernet - 24-bytes for the GRE encapsulation = 1476-Bytes
Let me explain this with a simple set up:
Lets say I configure a Tunnel interface and sourcing it via a physical interface which has an MTU of 1500, then the Tunnel
interface will have IP MTU of 1476, leaving space for the 24 byte GRE Header.
In my case, I am sourcing the packets from Gig0/0 which has physical interface of MTU 1500, so when I do a "show ip int Tu0",
You will see that the IP MTU is 1476.
Router#sh run int gi0/0
Building configuration...
Current configuration : 118 bytes
!
interface GigabitEthernet0/0
ip address 10.89.245.253 255.255.255.0
duplex auto
speed auto
media-type rj45
end
Router#sh run int tu0
Building configuration...
Current configuration : 127 bytes
!
interface Tunnel0
ip address 1.1.1.1 255.255.255.252
tunnel source GigabitEthernet0/0
tunnel destination 10.89.245.1
end
Router#sh int gi 0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 10.89.245.253/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
Router#sh ip int tu 0
Tunnel0 is up, line protocol is up
Internet address is 1.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1476 bytes
Now, lets say I lower the IP MTU value on Gi0/0 to 1400, What should be the default new value on the tunnel interface?? You
are absolutely right, 1376 :-)
Router#sh run int gi0/0
Building configuration...
Current configuration : 131 bytes
!
interface GigabitEthernet0/0
ip address 10.89.245.253 255.255.255.0
ip mtu 1400
duplex auto
speed auto
media-type rj45
end
Router#sh ip int tu0
Tunnel0 is up, line protocol is up
Internet address is 1.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1376 bytes
Please standby.... More to follow in the second post due to character limitation
Regards,
Arul
** Please rate all helpful posts **
01-23-2008 09:33 PM
.... Continuation from my previous post ***
Router#sh run int gi0/0
Building configuration...
Current configuration : 141 bytes
!
interface GigabitEthernet0/0
mtu 1500
ip address 10.89.245.253 255.255.255.0
ip mtu 1400
duplex auto
speed auto
media-type rj45
end
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
In the above scenario, lets say you try to configure a value of "IP MTU 1380" on the tunnel interface, then the router will
come back with a warning message like "%Warning: MTU set 1380 is greater than default 1376, fragments will happen"
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int tu0
Router(config-if)#ip mtu 1380
%Warning: MTU set 1380 is greater than default 1376, fragments will happen
Router(config-if)#
Now, lets say you went into the physical interface and changed the value to 1200 with the current configuration of IP MTU on
the Tunnel interface set to 1380. What will the value of IP MTU on the Tunnel interface??? You are almost there.... Yes it is 1176 :-)
Router(config)#int gi0/0
Router(config-if)#mtu
Router(config-if)#mtu 1200
Router(config-if)#end
Router#sh run int gi0/0
Building configuration...
Current configuration : 128 bytes
!
interface GigabitEthernet0/0
mtu 1200
ip address 10.89.245.253 255.255.255.0
duplex auto
speed auto
media-type rj45
end
Router#sh int gi0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 10.89.245.253/24
MTU 1200 bytes, BW 100000 Kbit, DLY 100 usec,
Router#
Router#sh ip int tu0
Tunnel0 is up, line protocol is up
Internet address is 1.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1176 bytes
In your situation, I would focus on the IP MTU on the physical interface and configure the Tunnel interface IP MTU
accordingly. All Cisco documents suggest to change the MTU value on the tunnel interface since the fragmentation happens when the packet reaches it. The reason is if you set the MTU value on the physical interface, you will modify all packets (also those not traversing through the tunnel).
So there is the difference between using it on the physical and on the tunnel.
MTU on the tunnel ----> only affects packets travelling through it
MTU on the phsysical ----> all packets will be affected.
I am also enclosing an excellent URL that discusses this in detail:
http://www.cisco.com/warp/customer/105/pmtud_ipfrag.html#t7
Let me know if you have any additional questions.
Regards,
Arul
** Please rate helpful posts **
01-24-2008 05:26 AM
Arul, your explanation was excellent! Thanks for taking the time to give such a detailed explanation and example. Your post is a great example of how good these forums can be.
/rls
12-02-2011 11:04 AM
Response to ajagadee reply from above.
I am not seeing the same results (see below). We have a DMVPN using mGRE tunnels protected by IPSEC.
We are investigating slow repsonse issues and suspect we may have excessive fragmention.
ajagadee stated above the that IOS always factors in the MTU of the GRE and you can confirm this with the
sho ip interface command. See my example below. I removed the tunnel configuration and rebuilt it.
During the configuration phase there is an Warning stating the MTU of 1400 is greater than the current transport
value of 1352. However the show ip interface for tunnel 2 still shows the MTU of 1400
Is there another parameter that may affect the MTU and MSS settings?
Router1(config)#no int t2
Router1(config)#interface Tunnel2
service_policy on dynamic interface is not allowed if there is fair-queue configured on main interface
Router1(config-if)# description GRE tunnel interface to Tempe
Router1(config-if)# bandwidth 1500
Router1(config-if)# ip address 10.2.24.194 255.255.128.0
Router1(config-if)# ip mtu 1400
%Warning: IP MTU value set 1400 is greater than the current transport value 1352, fragmentation may occur
Router1(config-if)# ip pim sparse-mode
Router1(config-if)# ip hello-interval eigrp 65100 10
Router1(config-if)# ip hold-time eigrp 65100 40
Router1(config-if)# ip flow ingress
Router1(config-if)# ip flow egress
Router1(config-if)# ip nat outside
Router1(config-if)# ip nhrp authentication XXXX
Router1(config-if)# ip nhrp map 10.2.0.1 A.B.C.D
Router1(config-if)# ip nhrp map multicast A.B.C.D
Router1(config-if)# ip nhrp network-id XXXX
Router1(config-if)# ip nhrp holdtime 600
Router1(config-if)# ip nhrp nhs 10.2.0.1
Router1(config-if)# ip nhrp registration timeout 30
Router1(config-if)# ip virtual-reassembly in
Router1(config-if)# zone-member security TRUST
Router1(config-if)# ip tcp adjust-mss 1360
Router1(config-if)# ip summary-address eigrp 65100 10.32.248.0 255.255.255.0 5
Router1(config-if)# load-interval 30
Router1(config-if)# if-state nhrp
Router1(config-if)# qos pre-classify
Router1(config-if)# tunnel source GigabitEthernet0/1
Router1(config-if)# tunnel destination A.B.C.D
Router1(config-if)# tunnel key XXXX
Router1(config-if)# tunnel protection ipsec profile iGBN
Router1(config-if)# max-reserved-bandwidth 100
Router1(config-if)# hold-queue 4096 in
Router1(config-if)# hold-queue 4096 out
Router1(config-if)#end
Router1#sho ip int t2
Tunnel2 is up, line protocol is up
Internet address is 10.2.24.194/17
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1400 bytes
12-02-2011 11:26 AM
Hi Les,
The warning is given to inform you of the potential for fragmentation to occur.
It does not automatically adjust the ip mtu. Nor does it lower the mss of tcp sessions; this value is normally negotiated between end hosts on session setup.
If the maximum transport value is 1352, you should set the ip mtu to match this setting and also reduce the ip tcp adjust-mss accordingly to 1312.
regards,
Leo
12-26-2014 03:09 PM
Dear ajagadee,
Could you please clarify me exactly why the MTU of the tunnel interface must be less than that of the corresponding physical interface?
What could happen otherwise?
12-27-2014 03:36 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Hopefully Ajagadee will respond to your question on a seven year old post, but in the meantime, maybe the following will help you: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html
01-03-2015 04:30 PM
I appreciated your support!
Thank you very much Joseph!
Regards Ronie
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide