Netflow export INSISTS on creating 1464 byte packets, ignores interface MTU's

ggatten · ‎05-31-2011

I have numerous 18xx and 28xx exporting flow data over a DMVPN tunnel. The tunnel MTU is 1400 bytes. Netflow insists on using larger packets, which for some reason(s) my host can't reassemble them and netflow collector can't "see" them. tcpdump on collector box shows "bad udp cksum".

Packets of smaller sizes that are not fragemented work fine.

TIA

G

ggatten · ‎05-31-2011

packet capture from a sample router showing the forging of "large" packets, large being in excess of the source interface MTU.

IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2 (Tunnel0), routed via FIB

IP: s=1.1.1.1 (local), d=2.2.2.2 (Tunnel0), g=172.29.1.1, len 1492, forward

UDP src=50769, dst=2060

IP: s=1.1.1.1 (local), d=2.2.2.2 (Tunnel0), len 1396, sending fragment

IP Fragment, Ident = 14766, fragment offset = 0

UDP src=50769, dst=2060

IP: s=1.1.1.1 (local), d=2.2.2.2 (Tunnel0), len 116, sending last fragment

IP Fragment, Ident = 14766, fragment offset = 1376

IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2 (Tunnel0), routed via FIB

IP: s=1.1.1.1 (local), d=2.2.2.2 (Tunnel0), g=172.29.1.1, len 1492, forward

UDP src=50769, dst=2060

IP: s=1.1.1.1 (local), d=2.2.2.2 (Tunnel0), len 1396, sending fragment

IP Fragment, Ident = 14766, fragment offset = 0

UDP src=50769, dst=2060

IP: s=1.1.1.1 (local), d=2.2.2.2 (Tunnel0), len 116, sending last fragment

IP Fragment, Ident = 14766, fragment offset = 1376