Re: MTU size and UDP on GRE tunnels

juergenott · ‎02-15-2005

In our network we use a GRE tunnel to connect our WLAN hotspot routers (1760) via the internet to the central service area. In addition to secure the NMS traffic from/to the router we configured an IP Sec tunnel within the GRE tunnel (esp des). To overcome the known problems with fragmentation etc. we configured a tcp mss of 1436 on the GRE tunnel interface. But from my understanding this setting only works for tcp but not for udp and other protocols. In case a wireless client opens a udp connection (e.g. video streaming) can there also be problems like for tcp and if so is there a possibility to configure the router to overcome it?

Are there potential problems for NMS traffic going over the IP Sec tunnel concerning fragmentation (e.g. for SNMP)?

Richard Burts · ‎02-15-2005

It is logical that there could also be problems with fragmentation of UDP traffic as there is with TCP. Some of the alternatives which solve the problem for TCP are not available for UDP (such as ip tcp adjust-mss). If you are experiencing problems with UDP traffic you might have some success with approaches such as clear the DF bit.

Fortunately my experience is that while fragmentation problems are pretty common for TCP they are pretty rare for UDP. I have implemented a fairly extensive IPSec with GRE network at a customer site. And while we did face and solve the problem for TCP we have yet to see much of a problem for UDP traffic.

And to answer the other part of your question about potential problems about running NMS through the tunnels, I can tell you that this customer does run NMS through the tunnels and we are not seeing any problems with this.

HTH

Rick

HTH

Rick