Cisco Support Community

GRE, IPsec, and MTU

We have created a tunnel between two routers across DS-3 serial interfaces, then encrypt the data. Since the mtu of the interface can be set to over 4,000 bytes, can we set the mtu of the serial interface, the ip mtu of the serial interface, the mtu of the tunnel, and the ip mtu of the tunnel to a high value with the goal of avoiding fragmentation?

The topology is simple...


By the way, what is the difference between mtu and ip mtu?


Re: GRE, IPsec, and MTU

Yes, you can set a high MTU to avoid fragmentation. There is a trade-off though in terms of the amount that would have to be sent for retransmissions.

MTU size is applicable to all protocols while IP MTU is just IP and may not exceed the MTU size. You may wish to have a different mtu for tuning purposes.

Re: GRE, IPsec, and MTU

O.K. The end systems are all ethernet and cannot send payloads larger than 1500 bytes. No protocol other than IP would traverse this tunnel.

Since the tunnel is across a WAN link and we can set the serial interface mtu as high as 4474, how about this...

Serial Interface mtu 4474

Serial Interface ip mtu 4474

Tunnel Interface mtu 1600

Tunnel Interface ip mtu 1600

Therefore a 1500-byte payload ethernet + GRE + IPsec would not be larger than 1600 bytes and fit across the tunnel. At the other end, the overhead is removed and we are back to the original 1500-byte payload.

This would allow TCP and UDP to operate without worrying about fragmentation and/or PMTUD.

What do you think?
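
Added example, not part of the thread or any poster's configuration: a calculation of the final packet size when a 1500-byte IP packet is wrapped in GRE and then protected with ESP, checked against the 1600 and 4474 figures discussed above. The thread does not name a transform set, so the two ESP parameter sets (AES-CBC or 3DES-CBC with HMAC-SHA1-96), a 4-byte GRE header without options, and IPv4 headers without options are assumptions.

```python
# Added example: on-wire size of an IP packet after GRE encapsulation and ESP.
# All cipher/auth parameters are assumed; the thread does not name a transform set.
from dataclasses import dataclass

IP_HDR = 20       # IPv4 header without options
GRE_HDR = 4       # basic GRE header (no key, sequence or checksum fields)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte


@dataclass(frozen=True)
class EspTransform:
    name: str
    block: int   # cipher block size, which is also the padding alignment
    iv: int      # per-packet IV carried in the clear
    icv: int     # truncated integrity check value


AES_CBC_SHA1 = EspTransform("AES-CBC / HMAC-SHA1-96", block=16, iv=16, icv=12)
TDES_CBC_SHA1 = EspTransform("3DES-CBC / HMAC-SHA1-96", block=8, iv=8, icv=12)


def esp_wire_size(inner_ip_len, t, tunnel_mode):
    """Final IP packet size for GRE-over-IPsec carrying inner_ip_len bytes."""
    gre_packet = IP_HDR + GRE_HDR + inner_ip_len   # delivery header + GRE + passenger
    # Transport mode keeps the GRE IP header as the outer header and encrypts the rest;
    # tunnel mode encrypts the whole GRE packet and prepends a new IP header.
    protected = gre_packet if tunnel_mode else gre_packet - IP_HDR
    # ESP pads payload + trailer up to a multiple of the cipher block size.
    padded = -(-(protected + ESP_TRAILER) // t.block) * t.block
    return IP_HDR + ESP_HDR + t.iv + padded + t.icv


def fits(inner_ip_len, link_mtu, t, tunnel_mode):
    """True when the encapsulated packet crosses link_mtu without fragmentation."""
    return esp_wire_size(inner_ip_len, t, tunnel_mode) <= link_mtu


if __name__ == "__main__":
    for t in (AES_CBC_SHA1, TDES_CBC_SHA1):
        for tunnel_mode in (False, True):
            size = esp_wire_size(1500, t, tunnel_mode)
            mode = "tunnel" if tunnel_mode else "transport"
            print(f"{t.name:24} {mode:9} 1500 -> {size} bytes | "
                  f"<=1600: {size <= 1600} | <=4474: {size <= 4474}")
```

Other transforms, GRE keys or NAT traversal change the constants, so the result should be recomputed for the transform set actually configured.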