R(config-if)# interface Tunnel1
R1(config-if)# ip mtu 1500
%Warning: MTU set 1500 is greater than default 1476, fragments will happen
will this cause any issues if i proceed with this value? This is to configure the tunnel interface as part of encrypting the link..
In my networks fragmentation can be a very big issue, if any of them do not arrive or they arrive in the wrong order then the whole thing gets sent again which for me = low throughput, customer complaints and a long day troubleshooting.
Is this a GRE tunnel? Here is a nice document that discusses some of the issues with GRE tunnels and MTU. The GRE protocol uses a 24 byte header, so the MTU for GRE is 1476 (1500 - 24) by default.
Setting the MTU on the tunnel interface to 1500 as noted by the warning message and John's observations are correct. This causes packets to be fragmented and increases memory usage on the receiving device for the tunnel. Resulting in a decrease in the actual throughput.
From the book
The verification command output looks almost identical as well, but with just a few differences to note. IOS uses a different convention for the link local address created for a GRE tunnel interface. It works as if the tunnel interface is a serial interface, deriving the interface ID using EUI-64 rules and the MAC address of the first LAN interface on the router.
The second difference relates to how IOS automatically sets the MTU of the passenger protocols (IPv6 in this case) to 1476 for GRE tunnels; with manually configured tunnels, the passenger MTU was set to 1480.
These settings allow space in both modes for the 20-byte additional IPv4 header that encapsulates the packet, plus in the case of GRE, the additional 4-byte GRE header.
Found this on GRE.
GRE is a tunnelingprotocol used to transport packets from one network through another network.
If this sounds like a virtual private network (VPN) to you,that's because it theoretically is: Technically, a GRE tunnel is a type of aVPN—but it isn't a secure tunneling method. However, you can encrypt GRE withan encryption protocol such as IPSec to form a secure VPN. In fact, the point-to-point tunneling protocol (PPTP)actually uses GRE to create VPN tunnels. For example, if you configureMicrosoft VPN tunnels, by default, you use PPTP, which uses GRE.
Why would I use GRE?
Why would you tunnel traffic using GRE? Here are some of thereasons:
You need to encrypt multicast traffic. GRE tunnels can carry multicast packets—just like real network interfaces—as opposed to using IPSec by itself, which can't encrypt multicast traffic. Some examples of multicast traffic are OSPF, EIGRP, and RIPV2. Also, a number of video, VoIP, and streaming music applications use multicast.
You have a protocol that isn't routable, such as NetBIOS or non-IP traffic over an IP network. For example, you could use GRE to tunnel IPX or AppleTalk through an IP network.
You need to connect two similar networks connected by a different network with different IP addressing.