Re: can't change tunnel mtu DMVPN

n.bokhar1 · ‎06-21-2018

hi all

i had a very sad encounter with an issue on Cisco ISR4331 with ios-xe 03.16.04b.S

this router is a dmvpn spoke and for some reasons the transport network ( ISP ) had an issue witch wouldn't allow you to send packets larger than 1350 bytes and i had a bad case of packet loss on my tunnel

so I changed the MTU in tunnel interface using ip mtu command but when I get show interface the mtu is still 1472 but when i try to change it again using mtu command i get this error message :

R-42_1(config-if)#mtu 1300
% Interface Tunnel1 does not support user settable mtu.

this is my running config on tunnel interface :

interface Tunnel1
 ip address 172.18.1.42 255.255.0.0
 no ip redirects
 ip mtu 1300
 ip hello-interval eigrp 500 20
 ip hold-time eigrp 500 60
 ip nhrp authentication KEY
 ip nhrp map multicast dynamic
 ip nhrp network-id 8532
 ip nhrp holdtime 200
 ip nhrp nhs 172.18.1.0 nbma 1.1.1.1 multicast
 ip nhrp nhs 172.18.1.1 nbma 2.2.2.2 multicast
 ip nhrp registration no-unique
 ip nhrp shortcut
 ip summary-address eigrp 500 10.42.0.0 255.255.0.0
 ip tcp adjust-mss 1260
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 8532
 tunnel protection ipsec profile DMVPN-SEC
end

this is the output of show interfaces tunnel 1:

R-42_1#show interfaces tunnel1
Tunnel1 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 172.18.1.42/16
  MTU 9972 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 28/255, rxload 22/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation up
  Tunnel source 3.3.3.3 (Dialer1)
   Tunnel Subblocks:
      src-track:
         Tunnel1 source tracking subblock associated with Dialer1
          Set of tunnels with source Dialer1, 1 member (includes iterators), on interface <OK>
  Tunnel protocol/transport multi-GRE/IP
    Key 0x2154, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1472 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Tunnel protection via IPSec (profile "DMVPN-SEC")
  Last input 00:00:17, output never, output hang never
  Last clearing of "show interface" counters 3d21h
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 9000 bits/sec, 11 packets/sec
  5 minute output rate 11000 bits/sec, 10 packets/sec
     4439139 packets input, 450439115 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     5080822 packets output, 2360241834 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

n.bokhar1 · ‎06-21-2018

How can i enforce my mtu to the router ?

Georg Pauwen · ‎06-21-2018

Hello,

you need to use 'ip mtu' on the tunnel interface.

Either way, try to send a packet larger than 1400 (the value you set) to the other side of the tunnel with the df-bit set; the tunnel might just be reporting a wrong value:

Router#ping 172.18.1.1 df-bit size 1420 source tunnel 1

n.bokhar1 · ‎06-21-2018

i have used this command but it won't affect the mtu on show interface

dgonzalezarias · ‎12-27-2018

Why does the interface tunnel should an MTU of 9972 if the I set the IP MTU to 1400?

Larry Sullivan · ‎12-27-2018

George presented a way to check for peace of mind.

Also, see this post.
https://community.cisco.com/t5/routing/understanding-mtu-given-for-gre-tunnel/td-p/1791474