MTU exceeds tunnel transport

Hi all,

Here's a show log from our router.

Issue is intermittent connection to the internet / inter-office network.

sh log

Syslog logging: enabled (0 messages dropped, 14 messages rate-limited, 23 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 3353 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level debugging, 3338 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (4096 bytes)

    Count and timestamp logging messages: disabled

    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 5057 message lines logged

        Logging Source-Interface:       VRF Name:

--More--        

Log Buffer (16384 bytes):

face Tunnel60, changed state to down

Jan 23 03:41:03.539: %DUAL-5-NBRCHANGE: EIGRP-IPv4 89: Neighbor 10.255.255.94 (Tunnel60) is down: interface down

Jan 23 03:47:23.266: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434

Jan 23 03:57:43.615: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434

Jan 23 04:08:13.092: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434

Jan 23 04:18:42.337: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434

Jan 23 04:34:21.317: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434

Jan 23 04:37:56.050: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel60, changed state to up

Jan 23 04:37:58.962: %DUAL-5-NBRCHANGE: EIGRP-IPv4 89: Neighbor 10.255.255.94 (Tunnel60) is up: new adjacency

Jan 23 04:38:11.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel60, changed state to down

Jan 23 04:38:11.107: %DUAL-5-NBRCHANGE: EIGRP-IPv4 89: Neighbor 10.255.255.94 (Tunnel60) is down: interface down

Could someone please advise how to fix this issue?

I tried to set ip mtu 1422 on the tunnel interface but still not resolved.

Regards,

Jenalyn


mahmoodmkl

Hi

Can you try with an MTU of 1400?

Thanks

set MTU 1400 on both sides

Hi mahmoodmkl,

Thank you for your prompt response.

I already tried changing the MTU to 1400 on Tunnel60; I will check if this will work.

But do I really need to configure the mtu size on tunnel interface?

Because most of our sites do not have mtu configured on their tunnels.

Also, when I configure the MTU size on the source router, do I have to configure it as well on the destination router?

Regards,

Jenalyn

Hi

Yes, you can try configuring the MTU under the tunnel interfaces, and it should match at both ends.

Thanks

Also, when I do "show int tunnel" it says MTU 17874 bytes but if I do "show ip int Tunnel" it says MTU is 1400 bytes.

Could you please advise what's the difference?

Regards,

Jenalyn

Hi,

I configured MTU 1400 on both ends but still have the same error when I enable term mon.

This error appears:

Jan 23 08:46:16.084: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434

Please advise.

Regards,

Jenalyn

Hi,

It seems so weird, the tunnel interface keeps on changing back to MTU 1422.

Also, I tried removing the MTU set on the interface, and after the same error appears, ip mtu 1422 is set again automatically.

Do you think it is a bug?

Please advise.

Regards,

Jenalyn

Hi,

Anyone who could help me on this issue?

Tunnel interface still keeps on giving me an error:

Jan 24 10:07:11.219: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434

Jan 24 10:09:59.328: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel81 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1436

I think, the tunnel automatically sets the mtu size.

Also, here is the output of "show int tunnel". It is obvious that the MTU is too high on both tunnels.

phmnlccent-gw-3#sh int Tunnel8601

Tunnel8601 is up, line protocol is up

  Hardware is Tunnel

  Description: ipsec vti to cnshaccent-gw-3

  Internet address is 10.255.255.109/30

  MTU 17874 bytes, BW 100 Kbit/sec, DLY 50000 usec,

     reliability 255/255, txload 63/255, rxload 255/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source 116.xxx.xxx.x, destination 116.xxx.xxx.x

  Tunnel protocol/transport IPSEC/IP

  Tunnel TTL 255

  Tunnel transport MTU 1434 bytes

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Tunnel protection via IPSec (profile "ipsec-vti")

  Last input never, output never, output hang never

  Last clearing of "show interface" counters 1d02h

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2823

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 272000 bits/sec, 32 packets/sec

  5 minute output rate 25000 bits/sec, 24 packets/sec

     4428327 packets input, 3070813493 bytes, 0 no buffer

     Received 0 broadcasts (20066 IP multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     2279036 packets output, 331538488 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

phmnlccent-gw-3#sh int Tunnel81

Tunnel81 is up, line protocol is up

  Hardware is Tunnel

  Description: ipsec vti to jpnrtdcmit-gw-1

  Internet address is 10.255.255.121/30

  MTU 17876 bytes, BW 100 Kbit/sec, DLY 50000 usec,

     reliability 255/255, txload 33/255, rxload 255/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source 116.214.104.4, destination 210.196.112.193

  Tunnel protocol/transport IPSEC/IP

  Tunnel TTL 255

  Tunnel transport MTU 1436 bytes

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Tunnel protection via IPSec (profile "ipsec-vti")

  Last input never, output never, output hang never

  Last clearing of "show interface" counters 08:33:40

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 622

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 105000 bits/sec, 10 packets/sec

  5 minute output rate 13000 bits/sec, 10 packets/sec

     798722 packets input, 823342175 bytes, 0 no buffer

     Received 0 broadcasts (6545 IP multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     644000 packets output, 96761110 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

Could someone please help me fix this issue?

Regards,

Jenalyn
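
An added example, not part of the original thread: a short Python parser run over a subset of the log lines posted above. It separates the interfaces named in the %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4 warnings from the interface whose line protocol is changing state. The function names are illustrative.

```python
import re
from collections import defaultdict

# Subset of the log lines posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = """\
Jan 23 03:41:03.539: %DUAL-5-NBRCHANGE: EIGRP-IPv4 89: Neighbor 10.255.255.94 (Tunnel60) is down: interface down
Jan 23 03:47:23.266: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Jan 23 04:37:56.050: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel60, changed state to up
Jan 23 04:38:11.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel60, changed state to down
Jan 24 10:07:11.219: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Jan 24 10:09:59.328: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel81 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1436
"""

MTU_RE = re.compile(r"%TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: (\S+) IPv4 MTU configured (\d+) "
                    r"exceeds tunnel transport MTU (\d+)")
FLAP_RE = re.compile(r"%LINEPROTO-5-UPDOWN: Line protocol on Interface (\S+), "
                     r"changed state to (up|down)")

def summarize(log_text):
    """Return (mtu_warnings, state_changes), both keyed by interface name."""
    mtu = defaultdict(lambda: {"count": 0, "configured": None, "transport": None})
    flaps = defaultdict(list)
    for line in log_text.splitlines():
        m = MTU_RE.search(line)
        if m:
            entry = mtu[m.group(1)]
            entry["count"] += 1
            entry["configured"] = int(m.group(2))   # latest value wins
            entry["transport"] = int(m.group(3))
            continue
        m = FLAP_RE.search(line)
        if m:
            flaps[m.group(1)].append(m.group(2))
    return dict(mtu), dict(flaps)

def report(log_text):
    """One line per interface: MTU warnings first, then line-protocol changes."""
    mtu, flaps = summarize(log_text)
    lines = []
    for ifname, e in sorted(mtu.items()):
        lines.append(f"{ifname}: configured {e['configured']} > transport {e['transport']} "
                     f"(over by {e['configured'] - e['transport']}, seen {e['count']}x)")
    for ifname, states in sorted(flaps.items()):
        note = "" if ifname in mtu else " (no MTU warning logged for this interface)"
        lines.append(f"{ifname}: line protocol {' -> '.join(states)}{note}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On these lines the MTU warnings name Tunnel8601 and Tunnel81, while the up/down events are on Tunnel60.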

mahmoodmkl

Hi
What is the MTU on the physical interface which is sourcing this tunnel?


Hi,

MTU on physical interface is the default - 1500.

Regards,

Jenalyn Fobes

Hi,

I also noticed that on the "show ip int" output, it has this:

Input features: Virtual Fragment Reassembly, IPSec input classification, Virtual Fragment Reassembly After IPSec Decryption, MCI Check

  Output features: IPSec output classification, IPSec: to crypto engine, Post-encryption output features

Is this related? How to change it?

Regards,

Jenalyn

Hi Jenna

It is strange that the MTU for the physical interface is 1500, because it should be something around 18670

"show ip interface tunnel"  --> should give MTU for tunnel

"show interface tunnel"  ---> should give MTU of physical interface + 14  (as i remember)

May you post the O/P of the below commands for the physical interface

show interface gix/y | i MTU

show ip interface gix/y | i MTU

Thanks

Regards

Sherif Ismail
