Re: Fragmentation DMVPN (GRE over IPSec) from Radioactive Frog on 2011-06-09 (Ccielab archives 06/2011)

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Fri, 10 Jun 2011 12:27:09 +1000

I have had issues with larger UDP packet too after lowering value to 1300
... Chales is right!

On Fri, Jun 10, 2011 at 12:24 PM, Charles Zhuang
<charleszhuangau_at_gmail.com>wrote:

> Hi Joseph,
>
> Thanks for ur reply. TCP-adjust have already been used. But large UDP
> packets still need to be fragmented.
>
> Cheers
>
> Charles
>
> -----Original Message-----
> From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
> Sent: Friday, 10 June 2011 11:42 AM
> To: Charles Zhuang; ccielab_at_groupstudy.com
> Subject: RE: Fragmentation DMVPN (GRE over IPSec)
>
> Wrong... prevent fragmentation in the first place...
>
> Lower all servers to 1300 MTU and or use ip tcp adjust-mss on the server
> facing interface of all routers...
>
> Come on man!
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Charles Zhuang
> Sent: Thursday, June 09, 2011 8:21 PM
> To: ccielab_at_groupstudy.com
> Subject: Fragmentation DMVPN (GRE over IPSec)
>
> Hi Guys,
>
>
>
> To use crypto ipsec fragmentation before-encryption (LAF) will have better
> performance according to Cisco.
>
>
> http://www.cisco.com/en/US/docs/ios/12_1/12_1e11/feature/guide/lookaheadfrag
> .html
>
>
>
> But I tried both ( before & after) and it seems to me after is slightly
> better ( CPU utilization). Don't know why. There is another Cisco link
> explaining after-encryption, but the condition is crypto map applied on
> both
> physical and tunnel interfaces.
>
> http://www.cisco.com/en/US/ts/fn/620/fn62394.html
>
>
>
> Not sure if anyone has any experience on this... What is the best practise
> in DMVPN phase 1 environment.
>
>
>
> Thanks
>
>
>
> Charles
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 10 2011 - 12:27:09 ART

This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:28 ART