WAN MTU issues?

rtjensen4
Level 4

Hi All,

I have an odd issue...

My WAN is a Native LAN solution. Basically, it's an L2 VLAN from our ISP.

My Main location has 100mb Fiber, Ethernet handoff. 3945E router.

Branch1 has 10mb Fiber, with Ethernet handoff. 2801 router.

Branch2 has 3mb Bonded T1s, with Ethernet handoff. 2801 router.

Branch3-18, same as 1 or 2, depends on the location. 2801 routers.

I run DMVPN across the WAN to my branches via Tunnel0 on my routers.

If I try to ping a host at Branch 2 like this: ping <host> -l 1470 -f... Ping completes just fine.

If I try to ping a host at Branch 1 with same parameters, I get a "Packet needs to be fragmented but DF set." from my HQ router.

The Tunnel interfaces on my branch routers are identical:

interface Tunnel0
 bandwidth 10000
 ip address 192.168.95.x 255.255.255.128
 ip access-group 170 in
 ip access-group inter-branch out
 no ip redirects
 ip mtu 1420
 ip flow monitor flow-1 input
 ip nhrp map multicast xxxxx
 ip nhrp map xxxxx
 ip nhrp map multicast xxxxx
 ip nhrp map xxxxx
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp nhs <IP1>
 ip nhrp nhs <IP2>
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 0
 qos pre-classify
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
 tunnel key 0
 tunnel path-mtu-discovery
 tunnel protection ipsec profile GreenDMVPN

Tunnel at Main location, also DMVPN Hub, is this:

interface Tunnel0
 bandwidth 100000
 ip address 192.168.95.x 255.255.255.128
 no ip redirects
 ip mtu 1420
 ip pim sparse-mode
 ip flow monitor flow-1 input
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip virtual-reassembly in max-reassemblies 1024
 ip tcp adjust-mss 1360
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 12
 qos pre-classify
 tunnel source GigabitEthernet1/0.95
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile GreenDMVPN

I did debug ip icmp at branch and HQ router... the fragmentation needed messages are for sure being generated from the HQ router.

Any idea WHY I see the different behavior between the branches?

I would think that since my MTU is set at 1420, a packet of 1470 with DF set would die to all branches. Thoughts?

1 Reply 1

gfcisco31
Level 1

Hello mate!

Just to better understand your testing...

You are running a PING from the HUB router towards the two BRANCH locations with the same source address. You are NOT setting the DF bit during the pings. One is going with the Don't Fragment bit set, and the other is NOT. Is this the scenario?

Run the pings again towards both branch locations, one ping with the DF bit set and the other without the DF bit set. Paste the output here if you can...

Talk to you soon
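
Added example, not part of either post: one way to run the DF-bit ping test from this thread systematically, by binary-searching the largest ICMP payload that gets a reply with DF set toward each branch and comparing the resulting IP packet size with the tunnel's ip mtu 1420. The function names are hypothetical, and the ping flags assume Windows ping (-f -l, as used in the question) or Linux iputils ping (-M do -s).

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte ICMP header
TUNNEL_IP_MTU = 1420    # "ip mtu 1420" from the Tunnel0 configs in the thread


def df_ping(host, payload):
    """Send one echo request with DF set; True only if an echo reply arrived."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
    else:  # assumption: Linux iputils ping
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    return "ttl=" in out.lower()   # reply lines carry "TTL=" / "ttl=" on both platforms


def largest_df_payload(host, probe=df_ping, low=0, high=1472):
    """Binary-search the largest payload that passes with DF set (None if none does)."""
    if not probe(host, low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(host, mid):
            low = mid
        else:
            high = mid - 1
    return low


def check_branch(host, probe=df_ping, tunnel_ip_mtu=TUNNEL_IP_MTU):
    """Report the largest DF-safe packet size and whether it exceeds the tunnel MTU."""
    payload = largest_df_payload(host, probe)
    if payload is None:
        return {"host": host, "reachable": False}
    packet = payload + IP_ICMP_OVERHEAD
    return {"host": host, "reachable": True, "max_payload": payload,
            "max_packet": packet, "exceeds_tunnel_mtu": packet > tunnel_ip_mtu}


if __name__ == "__main__":
    for branch_host in sys.argv[1:]:   # pass one test host per branch
        print(check_branch(branch_host))
```

A -l 1470 ping is a 1498-byte IP packet, so a branch that reports exceeds_tunnel_mtu as True is showing the same behaviour the question describes for Branch 2.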