
Help with MTU issue - firewall blocking large ICMP packets

Oerlikon_NZ
Level 1

Hi

We have a 3rd party provided fibre connection to a remote office. 


I've been troubleshooting an MTU issue with large ICMP packets > 1023 being dropped over the WAN link. 

This occurs when the DF bit is NOT set. From my experience this is not normal behaviour. Typically I think packets should be fragmented and the pings would be successful. In contrast, if I set the DF bit, any packets > 1023 report back as requiring fragmentation. I believe this is normal behaviour.

I've talked to our fibre provider, and they've advised they have a firewall in their network that is configured with large ICMP packet protection. This seems to be the cause of the issue.

Would this configuration break anything? I believe PMTU discovery would still work? 

(To give some background, the reason I've been investigating this issue is due to intermittent network performance across the WAN link. As well as investigating all the usual suspects, including bandwidth congestion, I just want to eliminate this MTU issue as a potential factor.)

Many thanks in advance.

1 Reply 1

Oerlikon_NZ
Level 1

Just a self update to advise this was not breaking PMTU. The firewall in the provider's network was only blocking large ICMP packets > 1023 bytes.
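The DF-set versus DF-clear comparison described in this thread can be automated; the following is an added example, not part of the original posts. It assumes Linux iputils `ping` (`-M do` / `-M dont`, `-s` payload size), a 1472-byte maximum payload (1500-byte Ethernet MTU), and hypothetical function names; the simulated link treats 1023 as the ping payload size.

```python
import subprocess
import sys

def ping_probe(host, size, df):
    """Send one echo with Linux iputils ping; True if a reply came back.
    -M do sets the DF bit, -M dont clears it; -s is the ICMP payload size."""
    cmd = ["ping", "-c", "1", "-W", "1", "-s", str(size),
           "-M", "do" if df else "dont", host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def largest_ok(probe, df, lo=0, hi=1472):
    """Binary-search the largest payload in [lo, hi] that gets a reply.
    Assumes success is monotonic in size; returns None if even lo fails."""
    if not probe(lo, df):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid, df):
            lo = mid
        else:
            hi = mid - 1
    return lo

def diagnose(probe, hi=1472):
    """Compare the size thresholds with DF clear and DF set."""
    df_clear = largest_ok(probe, df=False, hi=hi)
    df_set = largest_ok(probe, df=True, hi=hi)
    if df_clear is None or df_set is None:
        verdict = "no echo replies at all; ICMP echo may be blocked entirely"
    elif df_clear == hi and df_set == hi:
        verdict = "no size limit seen up to the tested maximum"
    elif df_clear == hi:
        verdict = "path MTU below the tested maximum; fragmentation works"
    else:
        # With DF clear, routers may fragment, so an MTU limit alone
        # would not make large echoes fail.
        verdict = "size filter or dropped fragments, not MTU alone"
    return {"df_clear": df_clear, "df_set": df_set, "verdict": verdict}

def simulated_filtered_link(size, df, limit=1023):
    """Constructed stand-in for the link in the thread: echoes larger
    than `limit` get no reply regardless of the DF bit."""
    return size <= limit

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(diagnose(lambda s, df: ping_probe(sys.argv[1], s, df)))
    else:
        print(diagnose(simulated_filtered_link))
```

Run it with a hostname to probe a real path, or with no argument to see the result for the simulated link.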
