
About MTU Values in IPv6 GRE over IPsec Environments

Translator
Community Manager

NTT's FLETS NGN IPv6 will be used to build IPsec between two sites. IPv4 packets are passed through the encrypted tunnel, and OSPF or EIGRP dynamic routing protocol packets are also transmitted.

The encrypted tunnel was built with GRE over IPsec using IPv6 addresses, not DMVPN. The encryption/authentication algorithms are esp-aes-256/esp-sha-hmac, with IKEv2. With the following configuration the tunnel comes up successfully and communication is possible.

(Example Configuration)

interface GigabitEthernet0
 ipv6 address ~
 ipv6 mtu 1500
!
interface Tunnel1
 ip address 192.168.0.1 255.255.255.255
 tunnel mode gre ipv6
 tunnel source GigabitEthernet0
 tunnel destination dynamic
 tunnel protection ipsec profile default
!
crypto ipsec profile default
 set ikev2-profile FLEX_CLIENT_PROF
 set transform-set IPSEC_TRANSFORM
!

 

Now I realize that I have not configured the MTU and MSS on the Tunnel interface above.

What is the MTU value to be configured for the Tunnel interface in these environments and configurations?

 
Since the IPv6 MTU in the NGN environment is 1500 bytes, and considering that the headers below for GRE and IPsec are added, we calculated that the MTU of the original packet carried as payload would be 1414 bytes, and the MSS would be 1374 bytes. Is this the correct idea? I would appreciate it if you could point out any errors.

·IPv6 Header=40
·ESP Header=8
·ESP IV=16
·GRE Header=4
·ESP Trailer=18

 

Reference site:
[IPsec Overhead Calculator Tool]
https://cway.cisco.com/ipsec-overhead-calculator/
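
An added example, not part of the original post or of any Cisco tool: a small calculator for the overhead listed above, showing how the ESP trailer changes with packet size. It assumes AES-CBC (16-byte block and IV), HMAC-SHA1 truncated to a 12-byte ICV, a basic 4-byte GRE header and no NAT-T; the ESP mode is not shown in the posted configuration, so it is a parameter, and all function names are hypothetical.

```python
# Added example. All sizes in bytes. Assumptions: AES-CBC, HMAC-SHA1-96,
# 4-byte GRE header (no key/checksum/sequence), no NAT-T.
IPV6_HDR = 40
ESP_HDR = 8      # SPI + sequence number
ESP_IV = 16      # AES-CBC initialisation vector
ESP_ICV = 12     # HMAC-SHA1-96 integrity check value
ESP_TAIL = 2     # pad-length + next-header fields
AES_BLOCK = 16
GRE_HDR = 4
IPV4_HDR = 20
TCP_HDR = 20


def esp_padding(inner_ipv4_len, tunnel_mode=False):
    """Padding ESP adds so the encrypted data ends on a cipher block boundary."""
    plaintext = GRE_HDR + inner_ipv4_len + ESP_TAIL
    if tunnel_mode:
        plaintext += IPV6_HDR  # tunnel mode also encrypts a second IPv6 header
    return -plaintext % AES_BLOCK


def esp_trailer(inner_ipv4_len, tunnel_mode=False):
    """Padding + pad-length + next-header + ICV for this packet size."""
    return esp_padding(inner_ipv4_len, tunnel_mode) + ESP_TAIL + ESP_ICV


def outer_size(inner_ipv4_len, tunnel_mode=False):
    """Size of the IPv6/ESP packet on the wire for one inner IPv4 packet."""
    extra = IPV6_HDR if tunnel_mode else 0
    return (IPV6_HDR + ESP_HDR + ESP_IV + extra + GRE_HDR
            + inner_ipv4_len + esp_trailer(inner_ipv4_len, tunnel_mode))


def max_inner_mtu(path_mtu, tunnel_mode=False):
    """Largest inner IPv4 packet whose encapsulated form fits path_mtu."""
    for size in range(path_mtu, 0, -1):
        if outer_size(size, tunnel_mode) <= path_mtu:
            return size
    return 0


def tcp_mss(path_mtu, tunnel_mode=False):
    """MSS for inner IPv4 TCP without IP or TCP options."""
    return max_inner_mtu(path_mtu, tunnel_mode) - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    for mode in (False, True):
        label = "tunnel" if mode else "transport"
        print(label, max_inner_mtu(1500, mode), tcp_mss(1500, mode))
```

Under these assumptions a 1414-byte inner packet in ESP transport mode produces an 18-byte trailer and exactly 1500 bytes on the wire; the trailer is smaller or larger for other packet sizes because the padding depends on the payload length.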
