cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
903
Views
0
Helpful
1
Replies

Clearing of the DF bit on a 6500 and testing

paul amaral
Level 4
Level 4

Hi, sorry for posting this one more time but i'm still having difficulty figuring this out.

I have a GRE tunnel that im clearing the DF bit between two routers. No matter what i do its doesn't seem to be working when i test it.

I'm testing it by sending ICMP echo packets greater than 1500 with the DF bit set to 1, hoping that when the packet hits the physical outgoing interface it gets set to DF 0 and the packets will be fragmented over the tunnel but not matter what i do the icmp test never works.

my config looks like this

route-map clear_tunnel_df_RM, permit, sequence 10

  Match clauses:

    ip address (access-lists): 178

  Set clauses:

    ip df 0

Extended IP access list 178

    10 permit icmp any any

interface Tunnel7

ip address xxxxxx.9 255.255.255.252

ip hold-time eigrp 1 60

ip tcp adjust-mss 1300

ip ospf cost 5000

ip ospf hello-interval 20

load-interval 30

ipv6 address xxxx:1::1A/126

ipv6 ospf cost 5000

ipv6 ospf 3 area 0

tunnel source x.x.125.94

tunnel destination x.x.0.214

tunnel ttl 35

interface GigabitEthernet5/2

ip address x.x.125.94 255.255.255.252

ip access-group 110 in

ip access-group 111 out

ip flow ingress

ip policy route-map clear_tunnel_df_RM

load-interval 30

speed nonegotiate

service-policy input upstream_incoming_trust_policy

when i ping from a PC connected to a vlan on this router using ping x.x.x.x -l 1510  -f get the packet needs to be fragmented but DF set and it never works. I'm kind of lost as to why this isn't working as it should be a straightforward config.

thanks, Paul

1 Reply 1

paul amaral
Level 4
Level 4

nevermind i found the issue, after using wireshark it was clear that i was testing wrong. On my pc the ethernet has an mtu of 1500 and i was ping with 1510 with the DF bit set, to it was not even leaving the local ethernet. After i lowered the mtu (a value higher than the tunnel MTU but lower than the 1500 local ethernet MTU) and set the DF bit to 1 , the FD was set to zero and it worked.

Review Cisco Networking for a $25 gift card