Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3706
Views
0
Helpful
1
Replies

MTU Size - GRE tunnels

stephendrkw
Level 3
Level 3

‎11-14-2011 07:03 AM - edited ‎03-09-2019 11:43 PM

I've created a Tunnel between a Cisco 2811 router and a Switch 6509, the tunnel works fine. However, I would like to run Multicast down this tunnel to avoid using a non-supported 3rd party network device that doesn't support multicast. Some of the multicast packets are above 1500 bytes. I would like figure out why the 6509 tunnel does not support frame sizes over 1500 bytes and the 2811 router does. I have applied ip mtu 1576 but this does not really come into play as the packets are UDP. problems seen below:

See the difference with MTU sh int tunnel1 - why is this

Switch config  (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF13)

interface Tunnel1

ip address 10.210.183.14 255.255.255.252

ip mtu 1576

ip pim sparse-mode

keepalive 2 3 

tunnel source Loopback2

tunnel destination 10.210.183.254

end

Routers config (C2800NM-IPBASEK9-M), Version 12.4(24)T3)

interface Tunnel1

ip address 10.210.183.13 255.255.255.252

ip mtu 1576

ip pim sparse-mode

keepalive 2 3

tunnel source Loopback2

tunnel destination 10.210.183.250

end

SWITCH TUNNEL#sh int tun1

Tunnel1 is up, line protocol is up

Hardware is Tunnel

Internet address is 10.210.183.14/30

MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 28/255

Encapsulation TUNNEL, loopback not set

Keepalive set (2 sec), retries 3

Tunnel source 10.210.183.250 (Loopback2), destination 10.210.183.254, fastswitch TTL 255

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Tunnel TTL 255

Checksumming of packets disabled, fast tunneling enabled

Last input 00:00:10, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1

Queueing strategy: fifo

Output queue: 0/0 (size/max)

5 minute input rate 1000 bits/sec, 1 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes

L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast

L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 17786 pkt, 1386206 bytes

     459623 packets input, 40759994 bytes, 0 no buffer

     Received 0 broadcasts (0 IP multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     287693 packets output, 77721813 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

ROUTER TUNNEL#sh int tun0

Tunnel0 is up, line protocol is up

Hardware is Tunnel

Internet address is 10.210.183.5/30

MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive set (2 sec), retries 3

Tunnel source 10.210.183.254 (Loopback2), destination 10.210.183.249

Tunnel protocol/transport GRE/IP

   Key disabled, sequencing disabled

   Checksumming of packets disabled

Tunnel TTL 255

Fast tunneling enabled

Tunnel transport MTU 1576 bytes

Tunnel transmit bandwidth 8000 (kbps)

Tunnel receive bandwidth 8000 (kbps)

Last input 00:00:06, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/0 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

     12914 packets input, 704198 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     12981 packets output, 728594 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

    0 output buffer failures, 0 output buffers swapped out

Labels:
0 Helpful
1 Reply 1

stephendrkw
Level 3
Level 3

‎11-17-2011 02:34 AM

Turns out the problem was this bug

Bug CSCsi95211.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi95211

I found a way around it:

1.     configure MTU size on the interface vlan (same VLAN as Tunnel)

2.     then go back into the Tunnel and apply the same MTU size, the packet size limitation error does not show up, the show int tun command will still show 1514 bytes

3.     I then completed some ping tests over 1500 bytes between tunnel router <>switch and the packets do not fragment. which means in fact the size has been increased to 1575 bytes on the Tunnel interface even though sh inttunnel0 still shows 1514bytes (BUG!)

So success! which means I don't have to upgrade the IOS on my 6509 switches thankfully.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents