Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8569
Views
0
Helpful
3
Replies

Tunnel MTU issue with DMVPN

Go to solution
tdotvix1982
Level 1
Level 1

‎06-09-2011 12:39 AM - edited ‎03-04-2019 12:39 PM

Hi folks,

I came across an issue today for one of our clients  who is on DMVPN Phase 3. The GRE Tunnel is showing te MTU to be set at  above 17000 under the 'show interface tunnel 150' command whereas the  show ip interface tunnel 150 command shows the MTU to be at 1430 which  is what I have configured it to be. The IOS I am using at the moment for  the router is Advanced-Security-K9 and the router model is 2801 ISR. I  saw the same output for another branch of the same client and the Tunnel  MTU there is set at 1430 which is exactly what I have conigured it to  be. Below is the edited output of the 'show interface tunnel 150' and  below that is the show run output of the aforementioned tunnel that I  first mentioned where I noticed the discrepancy. The physitcal interface  that te tunnel is bound to is a Fast Ethernet port on a 4 port  EtherSwitch which has been made a part of an access VLAN and the VLAN  has been assigned an IP address for layer 3 functionality. Please do  have a look and suggest what could be wrong and what are the variables  that could be causing this to happen. Do let me know if you need more  information please. Thanks.

Tunnel150 is up, line protocol is up

  Hardware is Tunnel

  Description: xxxxxx

  Internet address is xxx.xxx.xxx.xxx/xx

  MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source xxx.xxx.xxx.xxx (Vlanxxx)

  Tunnel protocol/transport multi-GRE/IP

    Key 0xF3, sequencing disabled

    Checksumming of packets disabled

  Tunnel TTL 255

  Tunnel transport MTU 1472 bytes

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Tunnel protection via IPSec (profile "xxxxx-xxxxxxx")

  Last input 00:00:08, output 23:37:44, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1518

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     390 packets input, 93480 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     620 packets output, 79440 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

Below is the Tunnel's config:

interface Tunnel150

description xxxxxxx

ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

no ip redirects

ip mtu 1430

ip nhrp authentication xxxxxxxx

ip nhrp map multicast xxx.xxx.xxx.xxx

ip nhrp map xxx.xxx.xxx.xxx

ip nhrp network-id 243

ip nhrp holdtime 3600

ip nhrp nhs xxx.xxx.xxx.xxx

ip nhrp shortcut

ip tcp adjust-mss 1330

ip ospf network point-to-multipoint

ip ospf cost 10

ip ospf hello-interval 10

ip ospf priority 0

ip ospf mtu-ignore

tunnel source Vlan150

tunnel mode gre multipoint

tunnel key xxx

tunnel protection ipsec profile xxx.xxx.xxx.xxx

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
milan.kulik
Level 10
Level 10

‎06-09-2011 01:47 AM

Hi,

IMHO, it depends on the Tunnel source you are using.

I can see on my routers (same HW but not the same IOS version):

Router1#sh int tunn 100

Tunnel100 is up, line protocol is up

Hardware is Tunnel

Internet address is xxx

MTU 1514 bytes, BW 9 Kbit/sec, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

...

Router2#sh int tunn 100

Tunnel100 is up, line protocol is up

Hardware is Tunnel

Internet address is xxx

MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,

reliability 255/255, txload 1/255, rxload 1/255

...

Router1#sh ip int tunn 100

Tunnel100 is up, line protocol is up

Internet address is xxx

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

...

Router2#sh ip int tunn 100

Tunnel100 is up, line protocol is up

Internet address is xxx

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Both routers are configured with the same tunnel parematers:

interface Tunnel100

ip address xxx

ip mtu 1500

ip tcp adjust-mss 1436

keepalive 5 3

tunnel source xxx

tunnel destination xxx

tunnel key 100

The only difference is the tunnel source.

On Router1 it's a subinterface, on Router2 it's a GigabitEthernet.

What's interesting, both routers are showing a standard Ethernet MTUs on the source interfaces:

Router2#sh int

GigabitEthernet0/0 is up, line protocol is up

Hardware is MV64460 Internal MAC, address is ..

Internet address is xxx

MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec

...

Router1#sh int

GigabitEthernet0/0.255 is up, line protocol is up

Hardware is MV64460 Internal MAC, address is ...

Description: VLAN y

Internet address is xxx

MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec

...

So I really don't understand where are the tunnel interface MTU values coming from :-(

IMHO, the sh int tunnel ... command is misleading with the MTU filed, it's showing just some value which has no sense.

BR,

Milan

View solution in original post

0 Helpful

Go to solution
milan.kulik
Level 10
Level 10
In response to tdotvix1982

‎06-10-2011 01:06 AM

Hi Vick,

this is my understnading, but I'm not 100% sure.

The behaviour might be different with a different IOS version.

You can see I was opening a similar discussion

https://supportforums.cisco.com/message/3347227#3347227

in the past without any clear conclusion :-(

BR,

Milan

View solution in original post

0 Helpful
3 Replies 3

Go to solution
milan.kulik
Level 10
Level 10

‎06-09-2011 01:47 AM

Hi,

IMHO, it depends on the Tunnel source you are using.

I can see on my routers (same HW but not the same IOS version):

Router1#sh int tunn 100

Tunnel100 is up, line protocol is up

Hardware is Tunnel

Internet address is xxx

MTU 1514 bytes, BW 9 Kbit/sec, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

...

Router2#sh int tunn 100

Tunnel100 is up, line protocol is up

Hardware is Tunnel

Internet address is xxx

MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,

reliability 255/255, txload 1/255, rxload 1/255

...

Router1#sh ip int tunn 100

Tunnel100 is up, line protocol is up

Internet address is xxx

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

...

Router2#sh ip int tunn 100

Tunnel100 is up, line protocol is up

Internet address is xxx

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Both routers are configured with the same tunnel parematers:

interface Tunnel100

ip address xxx

ip mtu 1500

ip tcp adjust-mss 1436

keepalive 5 3

tunnel source xxx

tunnel destination xxx

tunnel key 100

The only difference is the tunnel source.

On Router1 it's a subinterface, on Router2 it's a GigabitEthernet.

What's interesting, both routers are showing a standard Ethernet MTUs on the source interfaces:

Router2#sh int

GigabitEthernet0/0 is up, line protocol is up

Hardware is MV64460 Internal MAC, address is ..

Internet address is xxx

MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec

...

Router1#sh int

GigabitEthernet0/0.255 is up, line protocol is up

Hardware is MV64460 Internal MAC, address is ...

Description: VLAN y

Internet address is xxx

MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec

...

So I really don't understand where are the tunnel interface MTU values coming from :-(

IMHO, the sh int tunnel ... command is misleading with the MTU filed, it's showing just some value which has no sense.

BR,

Milan

0 Helpful

Go to solution
tdotvix1982
Level 1
Level 1
In response to milan.kulik

‎06-09-2011 03:12 AM

Hi Milan,

I am really pleased to recieve your reply on such a short notice Milan. Your reply was absolutely awesome. It tells me that it's probably not a configuration error on my part but most likely a bug in the IOS  where it probably is showing wrong information in the show output.  This is because I am not using sub-interfaces on my router and I am still getting that unrealistic MTU in my 'show interface tunnel xxx' output. Just  so you know that the remote router which is showing the 'right' MTU of  1430 is a 2801 with Advanced-IP-Services 12.4T train and the one showing  the 'wrong' output which I showed in my post is a 2801 with  Advanced-Security-K9 with 12.4T train. Thanks for the help mate.

Thanks,

Vick.

0 Helpful

Go to solution
milan.kulik
Level 10
Level 10
In response to tdotvix1982

‎06-10-2011 01:06 AM

Hi Vick,

this is my understnading, but I'm not 100% sure.

The behaviour might be different with a different IOS version.

You can see I was opening a similar discussion

https://supportforums.cisco.com/message/3347227#3347227

in the past without any clear conclusion :-(

BR,

Milan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card