Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2416
Views
25
Helpful
13
Replies

GRE-MSS

Go to solution
Srinivasan Nagarajan
Level 1
Level 1

‎11-13-2022 07:49 AM

Hi Experts,

We've recently built a GRE tunnel from Cisco router to Cloud provider for Internet traffic. The tunnel has a default MTU of 1476 bytes (to accommodate the GRE overhead) and the WAN interface (connecting to ISP) is configured with MSS of 1360.

Some posts suggest configuring MSS on the Tunnel interface as well. Experiencing Internet slowness, should the MSS be configured on both the WAN interface and tunnel interface or just WAN interface config would suffice?

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Srinivasan Nagarajan

‎11-13-2022 09:20 AM

"So, I'd like to know, in this case, will the MSS value set on the egress interface will not take effect?"

Yes and no.  Adjust-mss is only done during TCP handshake, which would be "invisible" on the physical interface for tunnel traffic.

Also, we don't want to adjust MSS for physical interface traffic, as it's not the problem.  It's the tunnel GRE overhead which often causes performance issues (due to fragmentation or too large packets being dropped with message to source to send smaller).

View solution in original post

13 Replies 13

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-13-2022 08:24 AM - edited ‎11-13-2022 08:24 AM

In most cases, Physical Ethernet has a default 1500 MUT, so GRE needs 24 bytes, so setting 1476 on Gre Tunnel is valid here.

 

Experiencing Internet slowness, should the MSS be configured on both the WAN interface and tunnel interface or just WAN interface config would suffice?

 

Slowness Directly connecting to Ethernet and conducting test, 

or slowness using GRE Tunnel ?

if the slowness via the tunnel - this need to investigate, since your route going out via the tunnel to another side - where is the internet route going out?  so this required to investigate where the slowness adding.

some good example document explains :

https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Srinivasan Nagarajan
Level 1
Level 1
In response to balaji.bandi

‎11-13-2022 08:28 AM

Hi

Slowness experienced when traffic is routed via GRE tunnel. We've directly connected the cable to the router and no issues noticed via 'direct' internet.

Should the MSS value be configured on GRE tunnel as well?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Srinivasan Nagarajan

‎11-13-2022 12:37 PM

Then you need to adjust Tunnel MTU/MSS based on the issue you having.

as others suggested - hope you found the solution by now.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎11-13-2022 08:28 AM - edited ‎11-13-2022 08:32 AM

I do lab before and only tunnel mtu / mss is effect traffic if traffic is pass through tunnel.

0 Helpful

Go to solution
Srinivasan Nagarajan
Level 1
Level 1
In response to MHM Cisco World

‎11-13-2022 08:43 AM

Hi,

Thanks for the info. Shall I assume the MSS set on the egress interface will not take effect?

If yes, can you please advise let me know why is it so? (for my knowledge)

Go to solution
MHM Cisco World
VIP
VIP
In response to Srinivasan Nagarajan

‎11-13-2022 09:06 AM

if you have multi GRE tunnel use same tunnel source and each one you need MTU/MSS different than other, how you can achieve this if you config it under tunnel source ?
that why tunnel MTU/MSS is override the MTU/MSS of tunnel source (WAN interface).

Go to solution
Srinivasan Nagarajan
Level 1
Level 1
In response to MHM Cisco World

‎11-13-2022 09:20 AM - edited ‎11-13-2022 09:23 AM

Thanks for the reply and it's been helpful.

 

Go to solution
MHM Cisco World
VIP
VIP
In response to Srinivasan Nagarajan

‎11-13-2022 09:29 AM

Client-Server 
start TCP handshake 
client (which is your side) send mss 1000 
server (which is other side) if it have MSS value high than your side then the server side will select lower which is 1000
if it have MSS value lower than your side then the server send to client my MSS is lower and use it. 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Srinivasan Nagarajan

‎11-13-2022 12:42 PM

You are so so welcome any time 

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎11-14-2022 09:04 AM

BTW, although I agree with @MHM Cisco World if you needed different MTU/MSS per tunnel, having those commands on physical interface would not allow differences.  However, as described in another posting, even if all the tunnels needed the same MTU/MSS settings, applying on the physical interface is not where you want to apply it.  First, the physical interface's MTU shouldn't be reduced and second the MSS command would have no effect on the tunnel traffic (as it "sees" IP GRE packets, not TCP packets).

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎11-13-2022 09:02 AM - last edited on ‎11-14-2022 12:43 AM by Community Manager

Physical interface should have default MSS and MTU.

GRE tunnel

IP MTU

(not just MTU) should be 1476.

GRE tunnel

tcp adjust-mss

should be 1436 (IP MTU - 40).

BTW, if your hand-off is Ethernet, you might ask your provider if they support jumbo Ethernet.  If so, you could run GRE tunnel with an IP MTU of 1500.

Go to solution
Srinivasan Nagarajan
Level 1
Level 1
In response to Joseph W. Doherty

‎11-13-2022 09:09 AM

Hi Joseph

Thanks for the reply. I've been going through other similar posts and your answers are very helpful

We're experiencing issues when traffic traversing through GRE and not via Egress interface which is connecting to the Internet. Cloud vendor (and other documentation) suggests configuring MSS on the GRE tunnel interface (Where the web traffic traverse through)

So, I'd like to know, in this case, will the MSS value set on the egress interface will not take effect?

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Srinivasan Nagarajan

‎11-13-2022 09:20 AM

"So, I'd like to know, in this case, will the MSS value set on the egress interface will not take effect?"

Yes and no.  Adjust-mss is only done during TCP handshake, which would be "invisible" on the physical interface for tunnel traffic.

Also, we don't want to adjust MSS for physical interface traffic, as it's not the problem.  It's the tunnel GRE overhead which often causes performance issues (due to fragmentation or too large packets being dropped with message to source to send smaller).

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card