Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1276
Views
1
Helpful
1
Replies

Cisco SD-WAN : Overhead size

Joe Yin
Level 1
Level 1

‎02-15-2024 06:10 AM

Hi all,

I recently came across a presentation from Cisco Live 2020 on the Cisco Live OnDemand website (BRKRST-2377) : https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKRST-2377.pdf

While reviewing the material, I noticed a point of interest on slide 42 regarding the ESP size, which was mentioned as 36 Bytes. I wanted to confirm if this is accurate or if it might be a typographical error ?

image (4).png

I'm looking for the correct (or an estimated) overhead (Label+ESP+UDP) size that will be added in Cisco SD-WAN ?

I've also come across information in a Cisco Document (not SD-WAN) (https://www.cisco.com/c/dam/global/en_ca/solutions/strategy/docs/sbaGov_wanDguide.pdf), which indeed mentions the addition of 36 bytes, but specifically for "Transport Mode." However, this doesn't align with the SD-WAN encapsulation type.

image (5).png

Lastly, I conducted a Wireshark capture in an SD-WAN Network (EVE-NG), and although I observed a lower overhead than 36 bytes (something like ~30 bytes including ESP, Label and UDP encapsulation), but I'm not sure due to encryption.

Thank you for your time !

3 people had this problem
1 Reply 1

TaoJiang
Level 1
Level 1

‎01-19-2025 09:15 AM

This is an very confusing part, for the IPSec tunnel mode, based on the documentation below, the IPSec tunnel MTU is 1442 (this is whatever the IPSec encapsulate for the inner user traffic), it means that if the outgoing packet MTU is 1500, the IPSec tunnel overhead encapsulation header is 1500-1442=58, this 58 includes the IP header 20, UDP 8, so the IPSec header size should be 58-20-8=30, this doesn't match up with the 52 above. Also not sure if the tunnel should include the MPLS label 4 bytes or not. It is very important to understand this better, in our environment, we consistently see the TCP performance issue, also has to use the SDWAN fabric as the transport level for the IPSec traffic after the Fabric IPSec, without understand the header size correctly, it is hard to setup the TCP-Adjust-MSS on the IPSec tunnel interface behind the Fabric IPSec (Means IPSec encapsulate another IPSec).

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/ios-xe-17/systems-interfaces-book-xe-sdwan/configure-interfaces.html

0 Helpful
Customers Also Viewed These Support Documents