On 7/25/13 2:59 AM, Marc, LX1DUC wrote:
By defautl GRE provides an Layer3 MTU of 1476 bytes. How will you cope with packet fragmentation or in case DF=1 with ICMP type=3 code=4 (The datagram is too big. Packet fragmentation is required but the 'don't fragment' (DF) flag is on.) filtering.
Yes, but this is why we have PMTUD. It works fine so long as ICMP is not blocked. If ICMP is blocked, then some one along the path needs to get some clue. I've only encountered this on private networks (LAN's, and packet cores where IT runs it). Generally it's fixed with me screaming "YOU'RE BREAKING THE INTERNET STUPID!" ;)
Also as it only really efficts TCP, I solve it on my GRE tunnels with ip tcp adjust-mss 1436 in cisco set interface $interface ip tcp adjust-mss 1436 in juniper tcp-mss-adjust 1436 under an SDP config in Alcatel-Lucent
73's
Yes, but this is why we have PMTUD. It works fine so long as ICMP is not blocked. If ICMP is blocked, then some one along the path needs to get some clue. I've only encountered this on private networks (LAN's, and packet cores where IT runs it). Generally it's fixed with me screaming "YOU'RE BREAKING THE INTERNET STUPID!" ;)
Yes I'm aware of PMTUD, but I still find big sites blocking ICMP PTB and some NAT/router boxes seem to block ICMP completely. Often enought I've found those people think they are doing the right thing, even after contacting them, usually these are also the people who contact me about NTP query response packages "attacking" their network. (See RFC 6305)
Also as it only really efficts TCP, I solve it on my GRE tunnels with ip tcp adjust-mss 1436 in cisco set interface $interface ip tcp adjust-mss 1436 in juniper tcp-mss-adjust 1436 under an SDP config in Alcatel-Lucent
What is your experience with that setup? Does it always (99.999% :-D) work? If so, count me in an let's go with it.
73 de Marc, LX1DUC
My experience is with Cisco's "ip tcp adjust-mss xxx". It works 100% in all cases I've seen. Some very large deployed networks use that functionality. The only times we have issues is when folks remove that statement thinking it is redundant to MTU size. (We set both)
73-KY9K/Brian
On 7/25/2013 8:59 AM, Marc, LX1DUC wrote
Also as it only really efficts TCP, I solve it on my GRE tunnels with ip tcp adjust-mss 1436 in cisco set interface $interface ip tcp adjust-mss 1436 in juniper tcp-mss-adjust 1436 under an SDP config in Alcatel-Lucent
What is your experience with that setup? Does it always (99.999% :-D) work? If so, count me in an let's go with it.
73 de Marc, LX1DUC _________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net http://www.ampr.org/donate.html
-
Brian D Heaton -
Bryan Fields -
Marc, LX1DUC