A client of ours has Cisco 1811's on each side of a Metro E link. I don't have access to them, but had the client dump some of the output. I'm seeing a tunnel interface setup on each router running GRE. The default route to each site points to the IP on the other end of the tunnel interface. Then, they're also running IPSEC on the WAN (Ethernet) interface. I believe that they're likely running into the fragmentation scenario explained in this doc:
interface FastEthernet1 ip address x.xx.x. 255.255.255.192 ip access-group 102 in no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly duplex auto speed auto crypto map SDM_CMAP_1
I had the client do a 'show tunnel 0' and I confirmed that it's a GRE tunnel and the MTU is 1476:
XX1811#show int tunnel 0
Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel protocol/transport GRE/IP Key disabled, sequencing disabled Checksumming of packets disabled Tunnel TTL 255 Fast tunneling enabled Tunnel transport MTU 1476 bytes
I assume the WAN interface MTU is 1500 since it's Ethernet.
I'm just looking to get confirmation that fragmentation (and especially Scenario 9) could be an issue here that could affect performance between the 2 sites.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...