Hey everyone,
We have a number of our branches connecting to our data center over a hub and spoke network topology. Recently users have been complaining about issues they experience when sending emails via outlook. They say the emails sit in the "outbox" and don't get sent for a long time. Even though it's most likely a server issue, my boss advised me to do some digging on our side of things. I started looking and noticed, or didn't notice, anything about DF bits in our configuration. I'm wandering, whether that could be what's causing the issue and whether it is a good idea to have it configured on the routers anyways?
Also if someone can clear something up for me I would really appreciate that.
From Cisco documentation found at http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftdfipsc.html,
...
DF Bit Setting Configuration Example
In following example, the router is configured to globally clear the setting for the DF bit and copy the DF bit on the interface named Ethernet0. Thus, all interfaces except Ethernet0 will allow the router to send packets larger than the available MTU size; Ethernet0 will allow the router to fragment the packet.
crypto ipsec df-bit clear
ip address 192.168.10.38 255.255.255.0
ip broadcast-address 0.0.0.0
crypto ipsec df-bit copy
...
I am a bit confused about this. If DF bit is cleared globally on all interfaces (except Ethernet0),
how does that allow the router to send packets larger than the available MTU size since Ethernet Maximum Transmission Unit
size is 1500 bytes. Can it actually place packets larger than 1500 bytes on the wire?
Also by using the df-bit copy command on Ethernet0, how will it allow the router to fragment the packet?
