Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1884
Views
0
Helpful
5
Replies

MTU mismatch

bradleyordner
Level 3
Level 3

‎06-08-2021 04:13 PM - edited ‎06-08-2021 04:14 PM

Hi all, 

 

Is there any reason why you would have MTU different inside a single VLAN? I have a problem that is too long to go into right now, but I have a Cisco ASR (SDWAN code) , a Palo Alto firewall and a Nexus switch all in the same VLAN. The network uses static routes to pass traffic from ASR, to Nexus and then to the firewall (no idea why). I have noticed the ip mtu is set as 1450 on the ASR VLAN sub-interface, the PA has a standard MTU of 1500 and the Nexus, well I am not quite sure as I don't have access. 

 

Would any traffic passing through these devices on the LAN have any issues with this MTU mismatch? In a packet capture the 3 way handshake, shows a packet no bigger than 1378 being sent through the firewall, with a MSS of 1320 via clamping on ASR. 

 

Thanks

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎06-08-2021 05:13 PM

Do you see any performance issue for now, or is this for clarification ? ( there may be some reason behind someone configured before set lower MTU to work, but you can do some test with higher MTU and see how your test goes and increase to what works in the network).

 

 

here are different scenarios of MTU how the packets are sent based on the MTU size when the packets are Fragment takes place.

 

https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

bradleyordner
Level 3
Level 3

‎06-08-2021 05:17 PM

I see performance issues for upload speeds to the SDWAN. There is a lot of moving parts and technology in the path as well. 

I can get multiple TCP streams to reach 50 - 60mbits each, thats it. The total sum can be over 500 Mbits. Downloads with one stream I can get 500mbits with a 4Mb window size via iPerf. 

 

We are about to test inside this VLAN with the MTU mismatch and bypass both Nexus and Palo Alto. 

 

I will check your document, thank you. 

 

Brad

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to bradleyordner

‎06-08-2021 05:27 PM

Most of the new technology like SD-WAN/Access they looking MTU size 9K, because of VXLAN and other stuff, 

 

if your device supports jumbo frames where possible, try to configure and test it.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

bradleyordner
Level 3
Level 3
In response to balaji.bandi

‎06-08-2021 06:03 PM

This site is a spoke site, so I am just trying to transfer a file over transports back to the Hub site. 

 

If I was to use 9K MTU then would all devices Nexus/PA/ASR need it?  Would this be L2 MTU or L3 MTU and what would this achieve as if I did L3, then it gets fragmented as tunnel MTU over transport is 1442. 

 

Brad

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to bradleyordner

‎06-08-2021 06:15 PM

if the remote site, it all depends on how the provider offers. i do not believe it will not go beyond 1500 (until you have any dark fibre or VPLS or any special Links.

 

you can do with ping test sending data size see where the packet drops end to end.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents