06-13-2009 10:32 AM
I am searching for step by step guide to troubleshot fragmentation issues.
I have read some documents about fragmentation at cisco.com. But I do not see clear solution.
1. How can I use show ip traffic to understand do I have to do something or not?
2. Do I have to use path-mtu-discovery on GRE tunnel interfaces?
3. Where is the best place for ip tcp adjust-mss - inside or outside interfaces?
4. In what circumstances I need to use route-map with clear df bit?
5. Why and when do I need to adjust gre tunnel IP MTU?
6. I have UDP (RTP - IP Cameras) traffic passing through GRE tunnels - the picture is broken, a lot of artifacts. Can I do something with fragmented udp?
7. In what circumstances I need to use ipsec df-bit?
Thank you.
06-14-2009 06:02 AM
I'll try to answer your questions as best as possible:
1) This should show you if there were any fragmented packets. show ip traf | i Frag
2) No, you don't need to, as it is not reliable all the time unless you're allowing ICMP packet-too-big all through. DF-bit will need to be set to 1 as well for PMTUD to work.
3) ip tcp adjust-mss should be used on the inside interface
4) You shouldn't use this - this was done when the crypto ipsec df-bit clear command was not available
5) When path-mtu-discovery is not possible, but its always best to set this and not to pmtud. Value may vary, but 1400-1420 works best. It depends on the the type of encryption etc.
6)How do you know its getting fragmented? You can run "debug ip packet detail" with an access-list for the src/dst traffic and see if there are any fragments.
7) If you want to clear the df-bit, if you see packets getting dropped due to them being too big, and not being allowed to fragment. Ideally, with TCP traffic you want to use tcp adjust-mss so you don't have to clear the df-bit and the MSS is negotiated during the 3-way handshake.
06-14-2009 06:15 AM
Thank you.
Can I ask you some other questions regarding fragmentation a bit later?
06-14-2009 06:32 AM
Sure.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: