
PMTUD is broken

Hi all,

I tried to solve a problem with fragmentation and configured the parameters as below. The same is configured on the router on the other side.

interface Tunnel0
 ip mtu 1438
 tunnel path-mtu-discovery
 ...

I configured GRE over IPsec (transport mode), and the problem is PMTUD. It seems to be broken. I don't have a firewall between the routers. A ping to the other side with a large packet and the DF bit set is unsuccessful. With a sniffer I saw one ICMP request sent and an ICMP unreachable packet received, but subsequent ping packets are again unsuccessful and the ping packets were not seen with the sniffer.

Any suggestions are helpful!


Re: PMTUD is broken

99% of the time the PMTUD issue is with the local/remote end machines = Windows.

Basically, in my experience it just does not work, and it's a Windows issue, not a network issue.

To get around it you should consider:

1) Change the MTU on the machine NICs (does not scale so well in a large network)

2) Take advantage of the tcp-mss-adjust feature in most Cisco platforms.

3) Write a policy to set the DF bit to 0

HTH

Re: PMTUD is broken

Please check the following document. It may help to resolve your issue:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

regards,

Leo

Cisco Employee

Re: PMTUD is broken

This will not work.

The reason is that even if Windows sees the "ICMP unreachable" it will not change its ping size. The ping was set to be sent with a big payload and Windows will keep sending it that way, causing it to fail.

The unreachable is sent to alert the client so it sends smaller packets. In case this was TCP then the Windows device should change its MSS and send smaller payloads.

I hope it makes sense.

PK
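
The behaviour described in the reply above, as a small model added here (not code from any poster or from Cisco): a fixed-size ping with DF set keeps failing, while a TCP sender lowers its MSS after the first "fragmentation needed" message. It assumes IPv4 and TCP headers of 20 bytes each with no options and uses the `ip mtu 1438` value from the original post; all function names are hypothetical.

```python
# Added illustration: toy model of Path MTU Discovery (RFC 1191) on one hop.
IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20   # assumed header sizes, no options
TUNNEL_IP_MTU = 1438                    # "ip mtu 1438" from the original post

def forward(packet_len, df, path_mtu=TUNNEL_IP_MTU):
    """Router decision for one IPv4 packet about to enter the tunnel."""
    if packet_len <= path_mtu:
        return ("delivered", None)
    if df:
        # ICMP type 3 code 4 "fragmentation needed"; it carries the next-hop MTU
        return ("icmp_frag_needed", path_mtu)
    return ("fragmented", None)

def fixed_size_ping(payload, count=3):
    """Ping with DF set: the payload size is chosen by the user, so an
    ICMP unreachable cannot make the following probes any smaller."""
    results = []
    for _ in range(count):
        status, _ = forward(IP_HDR + ICMP_HDR + payload, df=True)
        results.append(status)
    return results

def tcp_sender(initial_mss, segments=3):
    """TCP with PMTUD: on "fragmentation needed", lower the MSS to the
    reported MTU minus the IP and TCP headers, then retransmit."""
    mss, log, sent = initial_mss, [], 0
    while sent < segments:
        status, mtu = forward(IP_HDR + TCP_HDR + mss, df=True)
        log.append((mss, status))
        if status == "icmp_frag_needed":
            mss = mtu - IP_HDR - TCP_HDR   # adapt; this segment is resent
        else:
            sent += 1
    return mss, log

def max_df_ping_payload(path_mtu=TUNNEL_IP_MTU):
    """Largest ICMP echo payload that passes with DF set."""
    return path_mtu - IP_HDR - ICMP_HDR

if __name__ == "__main__":
    print(fixed_size_ping(1472))    # every probe is rejected
    print(tcp_sender(1460))         # one rejection, then smaller segments pass
    print(max_df_ping_payload())    # size to use when testing with DF set
```
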
