Cisco Support Community

Strange PMTUD problem...

Hi, I have a Cisco 1721 (and an 877 also) running 12.4 connected to an ADSL line with a WIC-ADSL.

As per the documentation's recommendation, I have:

interface FastEthernet0
 ip tcp adjust-mss 1452
 ...
interface Dialer0
 ip mtu 1492
 ...

The router has a firewall IOS image, and is running CEF, IPS and QoS.

Everything worked like a charm until I configured a site-to-site VPN with another router. Pings and small packets were exchanged correctly, but not large packets.

This sounded like a PMTUD problem, so I did a deep enquiry into the issue and found the following:

I'm issuing commands on a Linux box attached to a switch on the FastEthernet of the 1721.

I'm pinging the first hop after my router (certainly a router or DSLAM of our ISP), with the DF bit set, so that I could get an ICMP unreachable with the proper MTU. This is without the IPsec tunnel activated.

Test 1, result OK: DF=1, size=1200

ping -c 3 -M do -s 1200 <ipremoved>

100% pinged

Test 2, result OK: DF=1, size=1800

ping -c 3 -M do -s 1800 <ipremoved>

icmp_seq=1 Frag needed and DF set (mtu = 1500)

This is the required behavior, except that the advertised MTU is 1500 instead of the configured 1492 on the Dialer Interface.

Test 3, NOK: DF=1, s=1465 to 1473

ping -c 3 -M do -s 1465 <ipremoved>

100% packet loss: no answer at all

The packet size is 1 byte greater than the MTU of my Dialer Interface. This should produce the same as the s=1800 test, right?

In fact, my tests have shown that packet sizes in the range 1492-1499 (ping size 1465-1473) can't be sent at all...

Can someone explain to me what is wrong there?

Or at least give me pointers to debug commands that could help me?

Full configuration available if necessary...

Many thanks,

Brice Figureau

1 REPLY

Re: Strange PMTUD problem...

Replying to myself...

It seems the LNS used by our ISP is "forcing" the PPPoE connection to have an MRU of 1500 in both directions (i.e. it can be seen with debug ppp negotiation).

Then the router got "confused", and thinks the PPPoE has an MTU of 1500 even though it displays 1492 in the config.

Then any packets of 1492 to 1500 are 'silently' dropped because for the router it is OK to forward them to the PPPoE connection, but there is not enough space for the packet...

Sounds like an IOS bug to me...

Is there a way I can trace the whole process?

My debug ip packet doesn't show anything except router-generated packets...
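
An added example, not part of the original posts: the manual DF-bit ping tests above, automated as a sweep that reports the range of IP packet lengths that get neither an echo reply nor an ICMP error. The function names and the script name are hypothetical, and it assumes the Linux iputils `ping` used in the thread.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the thread.

# classify_probe: read one `ping -M do` run on stdin and print
#   ok | frag-needed:<mtu> | local-error | blackhole
classify_probe() {
    out=$(cat)
    case "$out" in
        *"Frag needed and DF set"*)
            # An ICMP "fragmentation needed" came back; keep its MTU.
            mtu=$(printf '%s\n' "$out" |
                sed -n 's/.*Frag needed and DF set (mtu = \([0-9]*\)).*/\1/p' |
                head -n 1)
            echo "frag-needed:$mtu" ;;
        *[Mm]"essage too long"*)
            # The sending host rejected the size against its own MTU.
            echo "local-error" ;;
        *"bytes from"*)
            echo "ok" ;;
        *)
            # Neither an echo reply nor an ICMP error: silently dropped.
            echo "blackhole" ;;
    esac
}

# sweep HOST FIRST LAST: probe every ICMP payload size with DF set.
# IPv4 packet length = payload + 8 (ICMP header) + 20 (IPv4 header).
sweep() {
    host=$1 size=$2 end=$3
    while [ "$size" -le "$end" ]; do
        result=$(ping -c 3 -W 2 -M do -s "$size" "$host" 2>&1 | classify_probe)
        echo "payload=$size ip_len=$((size + 28)) $result"
        size=$((size + 1))
    done
}

# blackhole_range: read sweep output, print the IP lengths that vanished.
blackhole_range() {
    awk '$3 == "blackhole" { split($2, a, "="); if (!n++) lo = a[2]; hi = a[2] }
         END { if (n) print lo "-" hi; else print "none" }'
}

# Usage: sh pmtud_sweep.sh HOST [FIRST] [LAST]
if [ "$#" -ge 1 ]; then
    sweep "$1" "${2:-1460}" "${3:-1480}" | tee /dev/stderr | blackhole_range
fi
```

A non-empty range in the output marks sizes that a hop accepts for forwarding but cannot deliver, which is the silent-drop pattern described in the reply.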
