NTT's FLETS NGN IPv6 will be used to build IPsec between two sites. IPv4 packets are passed through the encrypted tunnel, and OSPF or EIGRP dynamic routing protocol packets are also transmitted.
The encrypted tunnel was formed using GRE over IPsec with IPv6 addresses, not DMVPN. The encryption/authentication algorithm uses esp-aes-256/esp-sha-hmac and IKEv2. With the following configuration, the tunnel is established successfully and communication is possible.
(Example Configuration)
interface GigabitEthernet0
 ipv6 address ~
 ipv6 mtu 1500
!
interface Tunnel1
 ip address 192.168.0.1 255.255.255.255
 tunnel mode gre ipv6
 tunnel source GigabitEthernet0
 tunnel destination dynamic
 tunnel protection ipsec profile default
!
crypto ipsec profile default
 set ikev2-profile FLEX_CLIENT_PROF
 set transform-set IPSEC_TRANSFORM
!
Now I realize that I have not configured the MTU and MSS on the Tunnel interface above.
What is the MTU value to be configured for the Tunnel interface in these environments and configurations?
Since the IPv6 MTU in the NGN environment is 1500 bytes, and considering that the headers below are added for GRE and IPsec, we calculated that the MTU of the original packet carried as payload would be 1414 bytes, and the MSS would be 1374 bytes. Is this the correct idea? I would appreciate it if you could point out any errors.
·IPv6 Header=40
·ESP Header=8
·ESP IV=16
·GRE Header=4
·ESP Trailer=18
reference site
[IPsec Overhead Calculator Tool]
https://cway.cisco.com/ipsec-overhead-calculator/
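
The header arithmetic in the question, as an added example that is not part of the original post: it computes the ESP padding per packet instead of using a fixed trailer size, and compares IPsec transport and tunnel mode. Assumptions: AES-CBC with a 16-byte block and IV, a 12-byte HMAC-SHA1-96 ICV for esp-sha-hmac, a basic 4-byte GRE header, and no IPv6 extension headers; all function names are hypothetical.

```python
# Added example: per-packet ESP overhead for GRE over IPsec on an IPv6 underlay.
# Assumptions: AES-CBC (16-byte block and IV), HMAC-SHA1-96 (12-byte ICV),
# 4-byte GRE header (no key/sequence), no IPv6 extension headers.
IPV6_HDR, ESP_HDR, ESP_IV, GRE_HDR = 40, 8, 16, 4
AES_BLOCK, ESP_ICV = 16, 12
PAD_FIELDS = 2            # ESP "pad length" + "next header" bytes
IPV4_HDR, TCP_HDR = 20, 20


def encapsulate(inner_len, tunnel_mode=False):
    """Return (outer_packet_size, esp_trailer_size) for one inner IPv4 packet."""
    # Transport mode encrypts GRE + inner packet. Tunnel mode also encrypts
    # the GRE delivery IPv6 header and prepends a new outer IPv6 header.
    plaintext = GRE_HDR + inner_len
    if tunnel_mode:
        plaintext += IPV6_HDR
    # CBC needs plaintext + pad + 2 trailer bytes to fill whole cipher blocks.
    pad = -(plaintext + PAD_FIELDS) % AES_BLOCK
    trailer = pad + PAD_FIELDS + ESP_ICV
    return IPV6_HDR + ESP_HDR + ESP_IV + plaintext + trailer, trailer


def max_inner_mtu(path_mtu=1500, tunnel_mode=False):
    """Largest inner IPv4 packet whose encapsulated size fits in path_mtu."""
    for inner_len in range(path_mtu, 0, -1):
        if encapsulate(inner_len, tunnel_mode)[0] <= path_mtu:
            return inner_len
    raise ValueError("path MTU too small for the encapsulation")


def tcp_mss(ip_mtu):
    """TCP MSS for an IPv4 MTU, assuming no IPv4 or TCP options."""
    return ip_mtu - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    for tunnel_mode in (False, True):
        mtu = max_inner_mtu(1500, tunnel_mode)
        size, trailer = encapsulate(mtu, tunnel_mode)
        mode = "tunnel" if tunnel_mode else "transport"
        print(f"{mode:9} max inner MTU {mtu}, MSS {tcp_mss(mtu)}, "
              f"outer {size}, ESP trailer {trailer}")
    # The figures from the question: 1414-byte packet, 18-byte trailer.
    print("inner 1414 ->", encapsulate(1414), "MSS", tcp_mss(1414))
```

With these assumptions a 1414-byte inner packet fills the 1500-byte IPv6 MTU exactly in transport mode, while tunnel mode needs a further 40 bytes for the second IPv6 header.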