Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

DMVPN MTU Calculations

Hi,

Please can someone help me understand why I am able to transmit a 1472 Byte packet without fragmentation across DMVPN Tunnel (IPSec protection mode)..

This is what I am expecting

  • IPSec Overhead (Transport mode saving 20 Bytes) 52Bytes
  • GRE Overhead 24Bytes
  • Total = 76 Bytes

The Tunnel runs over Ethernet (1500 Bytes) 1500 – 76 = 1424Bytes.. So how am I able to transmit 1472Bytes, I’ve checked the Links and can see the ESP encapsulation etc.. What have I got wrong?

Thanks

Grev 

Everyone's tags (1)
2 REPLIES
Cisco Employee

You mean no fragmentation on

You mean no fragmentation on the router, but what about reassembly on remote end.

How was this confirmed? How was it tested? What platforms? What versions? What configurations? There's lots of small bit that could add into it. :-)

 

At a glance it looks like DF bit was not copied over to IPsec header. Again, it's just a shot in the dark :-)

I would really suggest opening a TAC case for this, this description tickled something in my memory, but I can't put my finger on it.

Cisco Employee

Among others, this one rings

Among others, this one rings a bell - CSCtq09372

231
Views
0
Helpful
2
Replies
CreatePlease to create content