From: buesink@fma.nl
Date: Mon Jul 25 2005 - 14:20:26 GMT-3
Hi Guys,
I have hosts in a vlan on the 6500 (mtu 1500) and I have hosts on the 2800.
They are connected with a tunnel, over this tunnel I'm running ipsec.
When copying LARGE files I run into troubles (slow traffic).
I'm sure the ICMP is permitted on all directions (PMTUD)
Could you please help me on this one:
hosts <--6500 --3750--(internet)--3750--2800--> hosts
tunnel/gre ------------------------tunnel/gre
incoming interface mtu on 6500 = 1500 (where hosts reside)
incoming interface mtu on 2800 = 1500 (where hosts reside)
Tunnel interfaces on 6500 & 2000 are using "ip mtu 1440", since
I use "mode transport" with the tranform statement (crypto) for ipsec.
And cisco recommends this "tranport mode" since we are running ipsec over tunnel
When I debug icmp, I see ICMP redirects code 3 type 4 (DF bit set), from hosts on the 2800 sending to the 6500 hosts.. I think this is normal, because their doing PMTUD.
But large file copies (20 MB = 30 minutes) are having problems over this link, NOTE this link is 1 Gigabit (from 3750 to 3750 = internet connection).
Could this be MTU related, or am I searching in the wrong direction?
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:31 GMT-3