Re: Recommendation for IP MTU setting with DMVPN

aacole · ‎06-23-2006

I have a dual DMVPN setup which works fine, apart from a performance issue. Its probable that this is a packet fragmentation issue as I'm seeing many reassambled fragments on my encryption routers. The IP MTU value on the tunnel is 1436, as recommend by R Deal in his VPN configuration guide. If I remove the IP MTU 1436 command, and let IOS select its own value that returns 1472 for IP MTU.

Reading up on Cisco.com various values are mentioned, 1400, and 1440. As this is a production network under change control I'm after recommendations from other working networks, to get this fixed.

I'm also using MSS adjustment for TCP setting a value of 1360, and have a route-map to clear the DF bit in TCP and UDP frames.

I'm using IPSec transport mode, and there are no NAT boundaries for the IPSec to cross.

aghaznavi · ‎06-29-2006

Did you try setting to 1524 maximum transmission size?

attrgautam · ‎06-29-2006

if iam right as you are already MSS, then the maximum size of your TCP packets will not exceed 1400 so MTU becomes irrelevant completely. Are you still having problems with applications ? Did you try using PMTUD ?

AJAZ NAWAZ · ‎02-27-2009

Hello aacole,

Although I don't have a problem with MTU as such, performance is an issue. I believe this can be improved by tuning MTU configuration even if it's a little bit. Did you manage to reach optimal working figures and settings for MTU on DMVPN?

tia

Ajaz