GRE tunnel

Unanswered Question
Jul 14th, 2009
User Badges:

Hi,

I have a problem with a GRE tunnel between 2 sites by SDSL 512kbps, GRE traffic increases dramatically and saturate the link with "Fragmented IP protocol" 1514octets, how to avoid this saturation?, Which configuration must be added to correct?

I use cisco 2621MX on the both sites.

Thanks for your help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Istvan_Rabai Tue, 07/14/2009 - 23:42
User Badges:
  • Gold, 750 points or more

Hi Lionel,


It seems to me that the problem is that your SDSL interface mtu may be something like 1500 bytes.


The size of the original packets + the size of the GRE encapsulation (24 bytes) exceeds this 1500 bytes. This is why the packets are fragmented so the router can transmit them over the physical interface with a smaller mtu.


The solutions may be different, but all of them lead to the same result:


The final packet size (original packet size + GRE encapsulation (24 bytes)) should not exceed the SDSL interface mtu.



1. Manually limit the packet size on your hosts. For this, you have to make a little calculation.


Packet size = SDSL interface mtu - 24 bytes


2. Enable path-mtu discovery on the hosts and set the DF-bit (Don't Fragment) to 1 on all packets. The path-mtu discovery process will take care of setting the packet size that can be transmitted over the path that includes the GRE tunnel.


3. If your traffic is tcp traffic only: configure the maximum tcp segment size on the router tunnel interfaces with the "ip tcp adjust-mss" command.

Again you have to do some calculation:


The tcp maximum segment size is calculated as follows:


TCP MSS = SDSL interface mtu - 24 bytes - 40 bytes


24 bytes = GRE encapsulation

40 bytes = the size of the original ip header + tcp header.


Note:

If PPPoE is configured on the SDSL interface then you should also take into account the size of PPPoE encapsulation.


Cheers:

Istvan

Joseph W. Doherty Wed, 07/15/2009 - 02:44
User Badges:
  • Super Bronze, 10000 points or more

To clarify the information both Vishwa and Istvan provided, if possible, you want both PMTU working and "ip tcp adjust-mss". The former informs the host to reduce its MTU if its too large, the latter avoids the overhead involved and too large MTU (initially) for TCP.


Also, the "ip tcp adjust-mss", if I recall correctly, is a later IOS feature. I.e. It might not be found on your 2621MXs without an IOS version upgrade.

alsonlionel Wed, 07/15/2009 - 03:38
User Badges:

Thanks for your suggestions

josephdoherty> so, if i understand very well, i must upgrade the IOS of both routers? do you have another solutions?

Thanks...

Joseph W. Doherty Wed, 07/15/2009 - 04:53
User Badges:
  • Super Bronze, 10000 points or more

Another solution? None beyond what's already been posted.


Must you upgrade both routers? Actually, if I recall correctly, no. The mss adjust command only needs to be somewhere in-line for the traffic. It could be set on just one of the two routers (tunnel inteface 1st choice).


Whether you need to upgrade at all depends on what IOS version introduced this feature (mss adjust). (NB: Sometimes newer IOSs aren't available for really old hardware [which might not be an issue for your hardware].)

alsonlionel Thu, 07/16/2009 - 04:43
User Badges:

Hi all,

I've changed the mss and the path-mtu-discovery on the router but the link behaves as before; wireshark shows a lot of packet (Fragmented IP protocol (proto=GRE 0x2f, off=0)) like:

1514 bytes on wire, 1514 bytes captured

ethernet II....

internet Protocol....

data (1480 bytes)

see attachment for a print-screen



Attachment: 
Joseph W. Doherty Thu, 07/16/2009 - 13:30
User Badges:
  • Super Bronze, 10000 points or more

Actual configuration?


BTW, have you verified PMTU is working between end hosts?

Scott Cannon Thu, 07/16/2009 - 15:06
User Badges:

In addition to setting mtu discovery, can I suggest manually setting the MTU on the PHY interfaces on both routers?


ie. an MTU of 1470 should ensure you equate for everything (GRE & PPP headers, etc). If it doesnt work, make it smaller.



Actions

This Discussion