MTU Query

GRANT3779 · ‎06-25-2013

Hi All,

When doing a trace from a Unix box to a VPN connected site the packets don't seem to send from my Cisco VPN router until the MTU is at 1006. Does this seem a bit low? Do I have a config issue somewhere?

7 172.27.x.x (172.27.x.x 47 ms) - My VPN ROUTER

fragmentation required, trying new MTU = 1492

7 * 49 ms

fragmentation required, trying new MTU = 1480

7 * 49 ms

fragmentation required, trying new MTU = 1472

7 * 49 ms

fragmentation required, trying new MTU = 1006

7 172.27.y.y (172.27.y.y) 197 ms 170 ms 189 ms _ Destination - eventually.

Pavel Bykov · ‎06-25-2013

This seem a bit too low. Try pinging intermediate locations with DF bit set, to determine if MTU is being cut down on the path somewhere.

GRANT3779 · ‎06-25-2013

I done a ping using the following to the same address and can get a reply when using MTU 1400 Does this suggest that the router just dropped all the way down to 1006 in my previous example without trying higher MTU.

Looking at my initial post, and the output below, does it look like there is actually an issue? I'm not sure why/where the 1006 MTU came from, it 1400 is working below.

C:\ping 172.27.67.5 -f -l 1400

Pinging 172.27.67.5 with 1400 bytes of data:

Reply from 172.27.67.5: bytes=1400 time=178ms TTL=243

Reply from 172.27.67.5: bytes=1400 time=170ms TTL=243

Reply from 172.27.67.5: bytes=1400 time=203ms TTL=243

Reply from 172.27.67.5: bytes=1400 time=193ms TTL=243

Ping statistics for 172.27.67.5:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 170ms, Maximum = 203ms, Average = 186ms