GRE tunnel mtu size issue

Unanswered Question
Jun 18th, 2010
User Badges:

Hi there

The customer saw the RADIUS replies have a size of 1423 bytes.

However, the RADIUS server  can not reach the remote WIFI controller  with MTU above 1344 bytes.

The RADIUS request has a size of 423 which goes through. So the server sends a packet back to the controller, but because of MTU the packet never arrives.

[WIFI controller mtu<1344] --------------[router]----------------GRE Tunnel-------------------[Data Center]---------------[Radius Server]



on the LAN dacing the WIFI controller we got setuo the df bit to 0

on the Tunnel facing the DC we have :

interface Tunnel0
ip mtu 1372
ip tcp adjust-mss 1322

[Data Center]


on the Tunnel facing the router

interface Tunnel0

ip mtu 1372
ip tcp adjust-mss 1322

On the connection facing the Radius server we got df bit setup to 0


The way teh df bit is setup :

route-map CLEAR-DF permit 10
set ip df 0
and under the interface

ip policy route-map CLEAR-DF

Looking at the confign the customer shouldn't receive a mtu of 1433 in any case as we are adjusting it to get max 1322? Also I was wondering if I should use ip virtual-reassembly cmd? Shall i use it on the [router] under the interface feacing the [WIFI controller]?

Thanks in advance for any suggestion


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
melaniemaillet Fri, 06/18/2010 - 07:26
User Badges:

Thanks i will try that

How do you get a MTU of 1362 with a tcp adjust of 1322? Will it bring possible issue if we keep teh mtu at 1372?



francisco_1 Fri, 06/18/2010 - 08:46
User Badges:
  • Gold, 750 points or more


when using GRE you have to take in to consideration that  GRE adds another 24 bytes to a packet and after this increase the packet may need to be fragmented because it is larger then the outbound MTU. Because the packet will be too large for the IP MTU after the GRE overhead (24 bytes) is added, the forwarding router breaks the datagram into two fragments of 1476 (20 bytes IP header + 1456 bytes IP payload) and 44 bytes (20 bytes of IP header + 24 bytes of IP payload) so after the GRE encapsulation is added, the packet will not be larger than the outgoing physical interface MTU.

In you case you could use PMTUD. PMTUD is needed in network situations where intermediate links have smaller MTUs than the MTU of the end links by reduceing the effective MTU of the outgoing interface.


francisco_1 Fri, 06/18/2010 - 09:29
User Badges:
  • Gold, 750 points or more


PMTU is only supported by TCP. UDP and other protocols do not support it. I was focusing on the GRE side of your config and the GRE header overhead..



This Discussion