Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPLS Cloud with remote site IPSec VPN MTU

Our WAN is a VPLS cloud.  We have fiber to most locations and MTU there is not a problem.  Our service provider offers a unique solution for sites that we cannot get direct fiber into or don't want to pay the cost.  For those sites, we bring in a DSL or Cable Internet connection.  The service provider then puts their router on that connection and hands off and ethernet connection to us.  Their router brings up a layer 2 VPN back to their network where they drop the traffic onto our VPLS cloud.  This makes the internet connected site look, feel and act just like any other VPLS site.

I believe we're having issues with MTU on these remote sites.  There's obviously some additional encapsulation overhead on the VPN sites.  We have a Cisco 2801 router at this remote site and an ASR 1001 at our corporate location.  I don't want to change the MTU on the corporate VPLS connection since that will reduce the size to all of the fiber connected sites.

Since we cut over from the old point-to-point T1, we've been having issues with Outlook connecting to Exchange and dropping connections.  A lot of web browsing is slow and sometimes times out.  It seems like the issue is with the mtu.  The packets seem to get dropped somewhere in transit to the remote site, but since the service provider is only layer 2, we don't get any ICMP messages from them.

What can be done do influence the MTU from the corporate location (and really any other location on the VPLS) to only 1 or 2 sites?  And the reverse direction as well?  I am running EIGRP across the VPLS.

I also don't believe the corporate router knows that the mtu to the VPN location should be smaller. (If that makes sense.)  If it did, the client at corporate should get an ICMP message from that router saying the packet needs to be fragmented.

Thanks.

Everyone's tags (3)
1 REPLY
Community Member

VPLS Cloud with remote site IPSec VPN MTU

Or would it make sense to just reduce the WAN MTU across the board for all sites?  What kind of impact would that have on throughput?

319
Views
0
Helpful
1
Replies
CreatePlease to create content