Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSM & don't fragment flag behaviour

Hello,

I have some problems with large packets send from CSM VIP towards clients over

a GRE Tunnel with MTU 1400.

Some packets are send out with don't fragment flag set and some with unset flag.

Question1: is it possible to influence CSM don't fragment flag behaviour via configuration ?

Question2: is CSM able to react on ICMP type 3 code 4, in other words is CSM able to perform MTU path discovery ?

Would be happy about any answer.

Best regards

Volker Kreisel

  • Application Networking
3 REPLIES
Cisco Employee

Re: CSM & don't fragment flag behaviour

Volker,

the CSM itself does not set this flag or do PMTUD. It's the server behind the CSM that sets the flag or does PMTUD.

The CSM just passes what it receives to server or the client.

I would recommend to sniff the csm portchannel and filter on a client ip. You will see what is going on.

Also, if the traffic goes through the MSFC, you can use a policy-map to overrid the DF bit if you want.

Gilles.

New Member

Re: CSM & don't fragment flag behaviour

Gilles,

thanks for your hint with policy-map on MSFC.

I'll discuss with my server providers if

we turn off PMTUD and configure MTU with fix length 1400 or if we go for the MSFC solution.

Volker

New Member

Re: CSM & don't fragment flag behaviour

Gilles,

I think because of performance issues it makes sense to avoid fragmentation.

PMTUD is not working because ICMP(code3, type4) makes it only from tunnel to the CSM VIP and doesn't reach the server.

Is it possible to configure the CSM VIP in a

way that she can forward the ICMP packet to the right server ? (who send out a packet > 1400)

Volker

203
Views
0
Helpful
3
Replies
This widget could not be displayed.