MTU on Router

wasiimcisco · ‎03-03-2013

Hi,

I am facing problem with one of my network scanner installed at remote Branch through the

IPVPN link. Scanner is not able to send email but Same scanner works fine in the Head office LAN but when We are taking it to the remote branch it is not working.

I have DMVPN between branch and head office.

I am suspecing the MTU is causing the issue. Other applications are working fine on that

brach even email through the outlook as well. But this scanner is not able to send the

email and we are not able to track where it is getting stuck.

======================

My Brach router configuration

interface Tunnel546
description connected to the
bandwidth 2048
ip address 172.27.5.62 255.255.255.252
ip mtu 1530
ip ospf network point-to-point
ip ospf cost 10
keepalive 5 3
tunnel source FastEthernet0/1
tunnel destination 192.168.253.37
=============================
Head office

nterface Tunnel546
description connected to the
bandwidth 2048
ip address 172.27.5.61 255.255.255.252
ip mtu 1530
ip ospf network point-to-point
ip ospf cost 10
keepalive 5 3
tunnel source GigabitEthernet0/0
tunnel destination 192.168.253.89
end

Please help me out. I have attached the packet caputre but didnt able to find any information.

I am trying different MTU combinations like 1476, 1524, 1570 etc but no Luck.

Please assist me how to fix this issue.

m.glosson · ‎03-03-2013

For one thing, you shouldn't use an MTU above 1500, since Ethernet is 1514 maximum (unless its tagged or jumbo frame, but the 802.1Q tag would be stripped off before being encapsulated in GRE anyway). You can read a great article on all this here, but the highlight is that Cisco recommends the MTU setting to be 1400 when encapulating in GRE. Another nice trick is to use "ip tcp adjust-mss 1360" because this will tell TCP to actually set the MSS (maximum segment size) and should eliminate fragmentation, etc, at least for TCP packets, thus saving router resources as well. Using 1360 together with mtu of 1400 is good because all the header information is about 40 bytes (1400-40=1360) Much more could be said here, but I feel like if you are really interested, you should read the article in posted the link to in its entirety.

Since you are running ospf as well, be careful about setting the mtu too readily, as mismatched mtu sizes can sometimes cause problems with ospf. You might first try doing just the MSS adjustment.

Good luck,

Matt

Peter Paluch · ‎03-03-2013

Hello Matt,

Very nice reply! Please allow me to comment on a few details.

Ethernet is 1514 maximum

Well, the payload of an Ethernet frame is 1500 bytes maximum. With the headers, the entire frame grows to 1514 bytes, and with the FCS trailer, the entire and total frame length is 1518 bytes. The payload size itself, though, can never exceed 1500 bytes (jumbo frames excluded).

Cisco recommends the MTU setting to be 1400 when encapulating in GRE

This would work, however, that recommendation of 1400 bytes is given for combinations of GRE and IPsec where the different combination of tunnel/transport mode, AH, ESP, AH+ESP, pure IPsec, IPsec-protected GRE results in differently sized resulting packets. Pure GRE-encapsulated traffic always has a constant overhead of 24 bytes and the MTU with pure GRE tunnels can therefore safely be reduced to 1476. Lowering the MTU too deep causes unnecessary packet fragmentation and increases overhead. The resulting TCP MSS size in this case would be 1436.

mismatched  mtu sizes can sometimes cause problems with ospf

Good catch! In fact, they always cause problems with OSPF (and IS-IS and many other things).

Best regards,

Peter

Jeff Van Houten · ‎03-03-2013

If other applications are working fine, I doubt it's an mtu issue. Look at the config on the scanner itself.

Sent from Cisco Technical Support iPad App

wasiimcisco · ‎03-03-2013

Dear All,

Thanks for the reply and doc. I have reviewed all but still I am not able to figure it out how to fix this scanner issue.

The same scanner is working fine on the LAN only problem arise when we are connecting it over the WAN and GRE DMVPN etc comes in picture.

If you see the attached packet capture it is showing tcp reassumble errors.

Need your assistance how to fix it.

blau grana · ‎03-05-2013

Hi

Try on LAN interface where scanner is connected (L3 interface) add this command.

#ip tcp adjust-mss 1300

Best Regards

Please rate helpful posts

Best Regards Please rate all helpful posts and close solved questions

wasiimcisco · ‎03-06-2013

Hi,

thanks for the reply I applied the command on the lan segment but no luck.

R01(config-subif)#do sh run inter fas 0/0.1
Building configuration...

Current configuration : 287 bytes
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.16.1 255.255.255.0
ip helper-address 192.168.200.103
ip helper-address 192.168.200.68
ip helper-address 192.168.16.200
ip tcp adjust-mss 1300
ip traffic-export apply cap size 5120
ip ospf cost 40
end

R01(config-subif)#do sh run inter tun 546
Building configuration...

Current configuration : 289 bytes
!
interface Tunnel546
description connected to the ENOC-R03
bandwidth 2048
ip address 172.27.5.62 255.255.255.252
ip mtu 1524
ip tcp adjust-mss 1460
ip ospf network point-to-point
ip ospf cost 10
keepalive 5 3
tunnel source FastEthernet0/1
tunnel destination 192.168.253.37

balbaletabrez · ‎03-06-2013

Hi there

Try to switch to gig port and try

Sent from Cisco Technical Support Android App