Cisco Support Community
Community Member

fragment packets

Dear all,

I would like to request your help with regard to fragmentation.
Client-Server topology.
The server sends 1500-byte packets with fragmentation prohibited (DF bit set).
The WAN links use GRE tunnels with IPSec encapsulation; as a result, the MTU on the WAN links is 1400 bytes.
The WAN router follows the server's request and does not fragment packets; it drops the packets and informs the servers about the maximum packet size.
Any idea how to resolve this issue?
Thanks in advance.

2 ACCEPTED SOLUTIONS

Resolve what issue? You can either allow fragmentation or allow TCP windowing to do its job.

Super Bronze

As Collin has noted, if the source host is setting the DF bit and it's notified that a packet needs fragmentation, normally the source host should auto-adjust its MTU and resend. This is "normal", although it incurs additional delay every time it happens (usually the host will retry full-size packets after some time period).

As an alternative, it's possible to disregard the packet's DF bit, fragment it, and forward it anyway. This avoids the delay every time the host needs to adjust its MTU, but it does create fragmented packets.

Another alternative: if the path over which the tunnel rides supports an MTU that will contain the standard Ethernet max MTU of 1500 and tunnel overhead, those packets will not need to be fragmented.

For TCP packets, Cisco's ip tcp adjust-mss interface command can be used to ensure the MTU is "right" at session setup and doesn't need to be re-adjusted.

3 REPLIES
VIP Purple

Hi

Just adding to the discussion, the value for ip tcp adjust-mss must be at least 40 bytes less than the MTU value, for example:

int tu100
ip mtu 1400
ip tcp adjust-mss 1360

:-)
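The 40-byte rule from the last reply (20 bytes of IPv4 header plus 20 bytes of TCP header, without options), as an added example that is not code from the thread or from Cisco: a Python check that walks an IOS-style configuration and reports interfaces whose ip tcp adjust-mss is missing or larger than ip mtu minus 40. The function names and the sample configuration are constructed for illustration; only the Tunnel100 values match the reply.

```python
import re

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed sample; only the Tunnel100 values come from the thread.
SAMPLE_CONFIG = """\
interface Tunnel100
 ip mtu 1400
 ip tcp adjust-mss 1360
!
interface Tunnel200
 ip mtu 1400
 ip tcp adjust-mss 1400
!
interface Tunnel300
 ip mtu 1400
"""

def parse_interfaces(config):
    """Map each interface name to its configured ip mtu and adjust-mss (or None)."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = re.match(r"(?:interface|int)\s+(\S+)$", line, re.I)
        if start:
            current = interfaces.setdefault(start.group(1), {"mtu": None, "mss": None})
        elif line == "!":
            current = None  # "!" closes the interface stanza
        elif current is not None:
            for key, pattern in (("mtu", r"ip mtu (\d+)$"),
                                 ("mss", r"ip tcp adjust-mss (\d+)$")):
                value = re.match(pattern, line)
                if value:
                    current[key] = int(value.group(1))
    return interfaces

def audit_mss(config):
    """Return (interface, finding) pairs where the clamp is missing or too large."""
    findings = []
    for name, cfg in parse_interfaces(config).items():
        mtu, mss = cfg["mtu"], cfg["mss"]
        if mtu is None:
            continue  # no ip mtu set, so nothing to compare the clamp against
        limit = mtu - IP_TCP_OVERHEAD
        if mss is None:
            findings.append((name, f"no adjust-mss; TCP relies on path MTU discovery (limit {limit})"))
        elif mss > limit:
            findings.append((name, f"adjust-mss {mss} exceeds limit {limit}"))
    return findings
```

Calling audit_mss(SAMPLE_CONFIG) reports Tunnel200 (clamp too large) and Tunnel300 (no clamp), and passes Tunnel100.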
