Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Gre tunnel issue w/ one application.

Have a network

{system}_______Cat 6509 ---GRE---- Cat 3550_____{system}

Of course the GRE tunnel chops down the mtu size, so the highest I can perform the ping command (ping ip -f -l 1448) which when you add your 28 it comes to 1476 total. I can ping ip -l 1500 and get a ping response, though this packet is fragmented. An application works fine when plugged locally into SW1, but the system has problems when traversing the GRE tunnel because the MTU is chopped down. I have been trying to tell the sys admin that this is because the GRE tunnel chops down the MTU size and it seems his system does not handle fragmented packets. The fix has been to lower the MTU in regedit within the Windows box and everything works fine. He is not happy with this fix. He states that the system worked 2 weeks ago and now it does not work. He has not used it since then. He states no changes were made on his system. THe system uses UDP. I have only updated my IOS version on the 6509 to 12.2 SXF8. Keep in mind everything else but this one system is having issues within the network. Any idea or experience with a similar problem? Any comments would be appreciated. P.S. In this network I must run GRE tunnels, so that is not an option.

7 REPLIES

Re: Gre tunnel issue w/ one application.

Hi,

May be this application sets the DF bit, can you try reducing the mss, as per the following document, i am sure that you have seen this document before but just a try:

http://www.cisco.com/warp/public/105/56.html

HTH, please rate if it helps,

Mohammed Mahmoud.

Community Member

Re: Gre tunnel issue w/ one application.

I don't have the ip tcp adjust-mss command in my 6509. I have a Sup720 card. How do I get this command. I do know that my tunnels are software switched. The only command that I have that is remotely like that is ip tcp mss in global config.

Bronze

Re: Gre tunnel issue w/ one application.

Hi,

tcp adjust mss is for tcp traffic only,

not udp.

Regards,

Bjornarsb

Re: Gre tunnel issue w/ one application.

Hi,

No, its an interface command, The TCP MSS Adjustment feature enables the configuration of the maximum segment size (MSS) for transient packets that traverse a router:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00804247fc.html

HTH, please rate if it does help,

Mohammed Mahmoud.

Community Member

Re: Gre tunnel issue w/ one application.

I know it is an interface command, but it does not exist in my 6509 IOS version command line. I did find out it was TCP data also. I am running 12.2(18)SXF8

s72033-ipservicesk9-mz.122-18.SXF8.bin

Re: Gre tunnel issue w/ one application.

Hi,

Ok, as a last trial, a workaround for these problems is to configure the IP sender to disable PMTUD. This causes the IP sender to send their datagrams with the DF flag clear. When the large packets reach the small-MTU router, that router fragments the packets into multiple smaller ones. The smaller, fragmented data reaches the destination where it is reassembled into the original large packet.

http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011a218.shtml#win2k

This was the best way i've solved with it the problem many times, but you'll have to agree on it with your sys admin.

HTH, please rate if it does help,

Mohammed Mahmoud.

Bronze

Re: Gre tunnel issue w/ one application.

Hi,

Your links are ok, but they only works for tcp. TCP and UDP operates quiet differently.

ip tcp adjust-mss max-segment-size

Example:

Router(config-if)# ip tcp adjust-mss 1452

Adjusts the MSS value of TCP SYN packets going through a router. The max-segment-size argument is the maximum segment size, in bytes. The range is from 500 to 1460.

TCP have flow control, UDP is just best effort!

ip mtu bytes

Example:

Router(config-if) ip mtu 1491

Sets the MTU size of IP packets, in bytes, sent on an interface

So from my point of view this system have a bad design since it is set up using so large udp datagrams. It not best practice.

Regards,

Bjornarsb

219
Views
0
Helpful
7
Replies
CreatePlease to create content