
Video stream quality drops in GRE over IPSec

MrBeginner
Spotlight

Hi All,

I would like to ask why video stream quality drops on a GRE over IPSec link. When I remove the IPSec policy on the physical link, quality is quite good. I got the problem even though I am using a GRE tunnel only, without IPSec encryption. Let me know how to control quality for this issue. Do I need to run QoS? Do I need to edit the MTU size?


Giuseppe Larosa
Hall of Fame

Hello,

Do you mean video stream?

You are likely facing an MTU issue that is causing fragmentation of video packets when using the GRE tunnel protected by IPSec.

If the video stream is based on UDP you should also lower the MTU on the LAN-facing interface near the source of the video stream in order to make the source send smaller packets that do not need to be fragmented.

Post the configuration of the LAN interface and of the GRE tunnel.

GRE requires 24 bytes for its header; IPSec depends on the type of options used.

Try to put mtu 1400 on the GRE tunnel or lower.

Hope to help

Giuseppe

Hello,

What device (e.g. 4331 ISR) is this on, and which IOS (e.g. 16.10) are you running?

Hi,

Do you mean I need to change the MTU on the tunnel or on the LAN interface? Because when I route through the GRE tunnel (without IPSec), it is pixelated. If I route without GRE, the stream is clear. Let me know, can IPSec without GRE carry a video stream? Do I also need to apply an MTU size in IPSec?

I use the GRE tunnel as below. The LAN interface is default and I put only an IP address on it. Let me know, does IKEv1 use more bandwidth? My sites have various models and brands such as ISR 1000 and MSR 3000.

interface tunnel2
ip address 192.168.12.1 255.255.255.0
tunnel source 10.1.101.1
tunnel destination 10.1.102.2

interface GigabitEthernet0/1
description ## LAN##
ip address 192.168.1.1 255.255.255.0

Hello,

With only the GRE tunnel the tunnel MTU is 1476 (if not using IPSec).

If traffic is based on TCP you can use on the LAN interface:

int gi0/1
ip tcp adjust-mss 1430

If the traffic is based on UDP you can try

int gi0/1
ip mtu 1430

If you add IPSec you need to lower the MTU again for the added overhead.

IPSec does not have its own interface.

Hope to help

Giuseppe
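
The overhead arithmetic behind the MTU figures in the replies above, as an added example that is not part of the original thread: it computes how many bytes one passenger packet occupies on the WAN link under plain GRE and under GRE protected by ESP, then finds the largest passenger packet that avoids fragmentation. Assumptions: IPv4, a 1500-byte WAN MTU, the base 4-byte GRE header (no key or sequence options), no NAT-T UDP encapsulation; the transform labels are this example's own names, not IOS keywords.

```python
IPV4_HDR, GRE_HDR, TCP_HDR = 20, 4, 20
ESP_HDR, ESP_TRAILER = 8, 2   # SPI + sequence number; pad-length + next-header

# ESP parameters in bytes: (IV, padding alignment, ICV).
# Labels are assumptions of this example, not IOS transform-set keywords.
TRANSFORMS = {
    "aes-cbc+hmac-sha1-96": (16, 16, 12),
    "aes-gcm-128": (8, 4, 16),
}


def gre_size(passenger):
    """Passenger IP packet plus GRE header and delivery IP header (24 bytes)."""
    return passenger + GRE_HDR + IPV4_HDR


def wire_size(passenger, transform=None, tunnel_mode=True):
    """Bytes on the WAN link for one passenger packet sent through the tunnel."""
    if transform is None:                      # plain GRE, no IPsec
        return gre_size(passenger)
    iv, align, icv = TRANSFORMS[transform]
    # Tunnel mode encrypts the whole GRE packet and adds a new IP header;
    # transport mode reuses the GRE delivery header as the outer header.
    protected = gre_size(passenger) if tunnel_mode else passenger + GRE_HDR
    # Plaintext plus the 2-byte ESP trailer is padded up to the alignment.
    padded = -(-(protected + ESP_TRAILER) // align) * align
    return IPV4_HDR + ESP_HDR + iv + padded + icv


def max_passenger_mtu(link_mtu=1500, transform=None, tunnel_mode=True):
    """Largest passenger packet that leaves the WAN interface unfragmented."""
    for size in range(link_mtu, 0, -1):
        if wire_size(size, transform, tunnel_mode) <= link_mtu:
            return size
    raise ValueError("link MTU too small for this encapsulation")


def tcp_mss(passenger_mtu):
    """TCP MSS that keeps a full segment within the passenger MTU."""
    return passenger_mtu - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    cases = [(None, True), ("aes-cbc+hmac-sha1-96", False),
             ("aes-cbc+hmac-sha1-96", True), ("aes-gcm-128", True)]
    for name, mode in cases:
        mtu = max_passenger_mtu(1500, name, mode)
        print(name or "gre-only", "tunnel" if mode else "transport", mtu, tcp_mss(mtu))
```

Because ESP pads to the cipher's alignment, the usable size moves in steps, so a value a few bytes under the computed maximum costs nothing extra on the wire.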

 

Hi,

Thanks for your help.

Someone suggested increasing the GRE tunnel MTU as below. Is there any issue with that? And let me know, what is the difference between the mtu and ip mtu commands? In DMVPN we apply the MTU on the tunnel. Please let me know what the difference is between applying the MTU size on the LAN interface and applying it on the GRE tunnel. If I use both TCP and UDP, how should I apply it? Do I need to adjust the MTU size on both sides?

interface tunnel2
mtu 1560
ip address 192.168.12.1 255.255.255.0
tunnel source 10.1.101.1
tunnel destination 10.1.102.2

interface GigabitEthernet0/1
description ## LAN##
ip address 192.168.1.1 255.255.255.0

Hello MrBeginner,

>> Let me know some person suggest as to increase GRE Tunnel MTU as below
>> interface tunnel2
>> mtu 1560

This can only lead to more fragmentation issues UNLESS the WAN interface has a greater MTU (the interface that is used as tunnel source).

Try to implement what I have suggested in my previous post.

The mtu command provides the MTU for the interface regardless of the protocol in use (IPv4 or IPv6 or other), but in Cisco IOS routers the numbers we put in the command refer to the L3 packet size, not to the L2 frame size.

ip mtu configures the MTU for IPv4 packets.

>> Please let me know what is different between apply mtu size on LAN interface and apply on GRE tunnel?

If you apply the command on the LAN interface the senders know for sure they have to reduce the size of the packets they send, because the first hop already has a reduced MTU.

>> If i use TCP and UDP both,how should apply ? i need to adjust MTU size on both sides ?

Yes, it would be better to use a reduced MTU both on the LAN interface and on the GRE tunnel.

Hope to help

Giuseppe

Hi,

Can I ask a question: when I change the tunnel MTU size to your suggested value, the video blacks out. I cannot see any video.

Let me know, do I also need to configure both LAN sides (R1 G0/1 and R2 G0/1)?

Let me know, do I also need to configure the uplinks of both switches? I am using GRE over IPSec.

[Attached image: Vedio Stream.PNG]

Hello MrBeginner,

Yes, try to add the commands to reduce the MTU also on the LAN interfaces.

The switch interfaces are L2 and this MTU concept is an OSI layer 3 concept, so you don't need to reduce it on the switch ports.

>> ,i also need to configure in both LAN part (R1 G0/1 and R2 G0/1) ?

Yes, as I have explained above.

Hope to help

Giuseppe

Hello,

Instead of changing the MTU size, you can also try to configure a QoS policy. Not knowing your exact configurations (can you post those?), I have put together the generic policy below. The policy assumes that your voice and video traffic is marked with DSCP values; if that is not the case, you need to use an access list.

R1

class-map match-any VIDEO-VOICE-CLASS
match dscp 46
match dscp 34
match dscp ef
match dscp af41
!
policy-map VIDEO-VOICE-POLICY
class VIDEO-VOICE-CLASS
priority percent 30
class class-default
fair-queue
!
crypto map VPN-CMAP 10 ipsec-isakmp
set peer 10.1.102.2
set transform-set TS
match ip address 101
qos pre-classify
!
interface tunnel2
ip address 192.168.12.1 255.255.255.0
tunnel source 10.1.101.1
tunnel destination 10.1.102.2
crypto map VPN-CMAP
qos pre-classify
!
interface FastEthernet0/0
description ##WAN
ip address 10.1.101.1 255.255.255.0
service-policy output VIDEO-VOICE-POLICY
crypto map VPN-CMAP

 

R2

class-map match-any VIDEO-VOICE-CLASS
match dscp 46
match dscp 34
match dscp ef
match dscp af41
!
policy-map VIDEO-VOICE-POLICY
class VIDEO-VOICE-CLASS
priority percent 30
class class-default
fair-queue
!
crypto map VPN-CMAP 10 ipsec-isakmp
set peer 10.1.102.1
set transform-set TS
match ip address 101
qos pre-classify
!
interface tunnel2
ip address 192.168.12.2 255.255.255.0
tunnel source 10.1.101.2
tunnel destination 10.1.102.1
crypto map VPN-CMAP
qos pre-classify
!
interface FastEthernet0/0
description ##WAN
ip address 10.1.101.2 255.255.255.0
service-policy output VIDEO-VOICE-POLICY
crypto map VPN-CMAP

 

Hi,

If my video stream does not include voice, is the configuration the same?

Hello,

If you don't need to mark voice, take out 'match dscp 46' and 'match dscp ef'. This, however, is how Cisco marks this traffic. If you apply the policy and don't see any matches, your video traffic might be marked differently.
