Skip navigation
Cisco Learning Home > Certifications > Routing & Switching (CCNP) > Discussions

_Communities

2943 Views 9 Replies Latest reply: Jun 13, 2011 9:31 PM by George Joseph RSS

Currently Being Moderated

Issue with ip mtu value

Jun 11, 2011 7:41 PM

George Joseph 71 posts since
Apr 3, 2011

R(config-if)# interface Tunnel1

R1(config-if)# ip mtu 1500

%Warning: MTU set 1500 is greater than default 1476, fragments will happen

R1(config-if)#

 

will this cause any issues if i proceed with this value? This is to configure the tunnel interface as part of encrypting the link..

  • John 2,289 posts since
    Jan 17, 2009
    Currently Being Moderated
    1. Jun 12, 2011 6:07 AM (in response to George Joseph)
    Re: Issue with ip mtu value

    Hi

     

    In my networks fragmentation can be a very big issue, if any of them do not arrive or they arrive in the wrong order then the whole thing gets sent again which for me = low throughput, customer complaints and a long day troubleshooting.

     

     

     

     

     

    Regards

    John

  • Brian 2,971 posts since
    Aug 17, 2009
    Currently Being Moderated
    2. Jun 12, 2011 10:11 AM (in response to George Joseph)
    Re: Issue with ip mtu value

    Aloha George,

     

    Is this a GRE tunnel?  Here is a nice document that discusses some of the issues with GRE tunnels and MTU.  The GRE protocol uses a 24 byte header, so the MTU for GRE is 1476 (1500 - 24) by default.

     

    http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080093f1f.shtml

     

    Setting the MTU on the tunnel interface to 1500 as noted by the warning message and John's observations are correct.  This causes packets to be fragmented and increases memory usage on the receiving device for the tunnel.  Resulting in a decrease in the actual throughput.

     

    HTH

  • John 2,289 posts since
    Jan 17, 2009
    Currently Being Moderated
    3. Jun 12, 2011 10:18 AM (in response to George Joseph)
    Re: Issue with ip mtu value

    Hi

     

    From the book

    The verification command output looks almost identical as well, but with just a few differences to note. IOS uses a different convention for the link local address created for a GRE tunnel interface. It works as if the tunnel interface is a serial interface, deriving the interface ID using EUI-64 rules and the MAC address of the first LAN interface on the router.

     

    The second difference relates to how IOS automatically sets the MTU of the passenger protocols (IPv6 in this case) to 1476 for GRE tunnels; with manually configured tunnels, the passenger MTU was set to 1480.

     

    These settings allow space in both modes for the 20-byte additional IPv4 header that encapsulates the packet, plus in the case of GRE, the additional 4-byte GRE header.

     

     

     

     

    Regards

     

    John

  • Brian 2,971 posts since
    Aug 17, 2009
    Currently Being Moderated
    4. Jun 12, 2011 10:46 AM (in response to John)
    Re: Issue with ip mtu value

    Thanks John.  Yes the 24 byte header is actually 20 for IP and 4 for GRE.  I should have said GRE adds 24 bytes of overhead.

     

    Brian

  • eoghancullen 13 posts since
    Oct 18, 2008
    Currently Being Moderated
    6. Jun 13, 2011 7:25 AM (in response to George Joseph)
    Re: Issue with ip mtu value

    GRE is not encryption.

  • John 2,289 posts since
    Jan 17, 2009
    Currently Being Moderated
    7. Jun 13, 2011 7:40 AM (in response to eoghancullen)
    Re: Issue with ip mtu value

    Hi

     

    Found this on GRE.

    GRE is a tunnelingprotocol used to transport packets from one network through another network.

     

    If this sounds like a virtual private network (VPN) to you,that's because it theoretically is: Technically, a GRE tunnel is a type of aVPN—but it isn't a secure tunneling method. However, you can encrypt GRE withan encryption protocol such as IPSec to form a secure VPN. In fact, the point-to-point tunneling protocol (PPTP)actually uses GRE to create VPN tunnels. For example, if you configureMicrosoft VPN tunnels, by default, you use PPTP, which uses GRE.

     

     

    Why would I use GRE?

     

    Why would you tunnel traffic using GRE? Here are some of thereasons:

     

    You need to encrypt multicast traffic. GRE tunnels can carry multicast packets—just like real network interfaces—as opposed to using IPSec by itself, which can't encrypt multicast traffic. Some examples of multicast traffic are OSPF, EIGRP, and RIPV2. Also, a number of video, VoIP, and streaming music applications use multicast.

    ==

    You have a protocol that isn't routable, such as NetBIOS or non-IP traffic over an IP network. For example, you could use GRE to tunnel IPX or AppleTalk through an IP network.

    ==

    You need to connect two similar networks connected by a different network with different IP addressing.

     

     

    Regards

    John

  • eoghancullen 13 posts since
    Oct 18, 2008
    Currently Being Moderated
    8. Jun 13, 2011 7:52 AM (in response to John)
    Re: Issue with ip mtu value

    Yep, exactly.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)