RE: OT: MTU adjustment for VPN MPLS over GRE

From: Scott Morris (swm@emanon.com)
Date: Wed Aug 17 2005 - 13:51:08 GMT-3

• Next message: Hans None: "ip prefix list"
• Previous message: Scott Morris: "RE: IPv6 NAT-PT IOS Image"
• Maybe in reply to: jon kim: "OT: MTU adjustment for VPN MPLS over GRE"
• Next in thread: Jongsoo: "Re: OT: MTU adjustment for VPN MPLS over GRE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That is good to realize the general problems involved with MTU, and the fact
that you'll need to do some tweaking to handle the different values that
you'll run across with GRE tunnels, but MPLS VPNs add on to this.

And part of the problem is that there's no pat answer to it. While we know
that GRE adds a fixed length to the packet size, so do MPLS tags. Those are
4-bytes per tag. And how many stacked tags you will have will depend on
your provider or providerS involved in your network, and most likely they
aren't going to divulge this information to you.

You can always use extended ping to help you play around a bit with your
testing. Use the varying frame size and DF bit enabled to see how big you
can actually pass through the cloud. And go from there. There's a decent
article on Cisco's site dealing with this more from an LSP standpoint, but
in the show commands you can see some of the variety depending on what you
are looking at and where you are looking at it from.

http://www.cisco.com/warp/public/105/troubleshoot_mpls_vpn.html

If your provider has adjusted their network to allow jumbo frames (or baby
jumbo frames) where larger things caused by MPLS (tag-switching MTU) don't
cause fragmentation, then things may be ok. But it requires some work on
the underlying architecture to give you 1500 bytes end-to-end.

By picking the 1508 you did, are you running MPLS inside the GRE? Or are
you running GRE over MPLS and want to run your IP routing stuff inside the
GRE?
If the latter is the case (which I'd expect), then you need to do what the
original link below talked about for the GRE MTU issues. As a customer, you
SHOULD not (note: means you may) need to deal with reduced MTU from MPLS.
If you are responsible for the MPLS portion, look at the tag-switching mtu
command instead of the ip-mtu command sets.

HTH,

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jamie Caesar
Sent: Wednesday, August 17, 2005 12:14 PM
To: Jongsoo
Cc: ccielab@groupstudy.com
Subject: Re: OT: MTU adjustment for VPN MPLS over GRE

There may be something useful in this article. It contains a few options on
how to handle MTU issues with GRE tunnel interfaces:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080
093f1f.shtml

Jamie

On 8/16/05, Jongsoo <bstrt2004@gmail.com> wrote:
> I thought about this again and here is my thought ( maybe a wrong
thought!!!).
>
> The problem is how to deal IP packets w/ MTU1500 and DF set over MPLS
> and over GRE.
>
> Since the GRE-tunnel outgoing physical interface has MTU 1500, no
> matter what packet has to be fragmented.
> And I have two interfaces, GRE tunnel and physical interfaces that can
> fragment IP packet. Obviously, the problematic incoming IP packet to
> GRE tunnel has MTU1500 and DF set so that tunnel interface can not
> fragment due to DF set.
> I can fake the size MTU of GRE tunnel to meet the biggest szie of IP
> packet, which will make GRE IP packets to be generated without
> fragmentation. And when this large GRE IP packet goes out to the real
> physical interface, it will be fragmented because it is larger than
> MTU of physical interface and GRE IP OH doesn't have DF set.
>
> Anyway I think perhaps the correct MTU size for tunnel interface is
> 1532 = 24 ( IP OH + GRE OH) + 8 ( 2 MPLS tags since it is MPLS VPN) +
> 1500 ( ip packet)
>
> Basically, this MTU size of 1532 under tunnel interface will make IP
> packet( 1500 DF set) to be fragmented not in tunnel but in outgoing
> physical interface.
>
> Any thought on this?
>
>
> Jongsoo
> CCIE 14539
>
>
> On 8/16/05, jon kim <bstrt2004@gmail.com> wrote:
> > Group
> >
> > I transmit MPLS VPN traffic over GRE tunnel over public internet and
> > am having some issue, which looks like MTU issue.
> >
> > I made IP MTU 1508 ( 1500 + 2 MPLS tags) but no luck.
> >
> > I am sure soemone did this before and will appreciate any tip about
> > VPN MPLS over GRE .
> >
> >
> >
> > Thanks
> >
> > Jongsoo Kim
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Hans None: "ip prefix list"
• Previous message: Scott Morris: "RE: IPv6 NAT-PT IOS Image"
• Maybe in reply to: jon kim: "OT: MTU adjustment for VPN MPLS over GRE"
• Next in thread: Jongsoo: "Re: OT: MTU adjustment for VPN MPLS over GRE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3