Solved: GRE tunnel default MTU - Cisco Community

74582

Views

80

Helpful

11

Replies

Anybody know the default mtu setting on a gre tunnel interface such as this?:

interface Tunnel1

description "xxx"

ip address x.x.x.x 255.255.255.252

tunnel source Loopback1

tunnel destination x.x.x.x

I'm asking cause on the core redundant to this one where I've copied code from, the config line 'ip mtu 1500' is configured. I want to make sure these are matched up.

Thanks in advance.

/rls

1 Accepted Solution

Accepted Solutions

Robert,

Sorry, I spoke too soon. I should have focused on your question, which is "IP MTU" and referred you to the command "show ip interface Tu0" instead of "show interface tu0".

GRE packets are formed by the addition of the original packets and the required GRE

headers. These headers are 24-bytes in length and since these headers are added to the

original frame, depending on the original size of the packet we may run into IP MTU

problems.

Even though the maximum IP datagram has been defined as 64K, most links enforce a smaller

maximum size for the packets. This maximum size is known as MTU (Maximum Transmission

Unit) and as you also know, different types of media have different MTU sizes they can

accommodate and transport. The most common IP MTU is 1500-bytes in length (Ethernet).

The IP implementation, as we know it, provides a mechanism to allow routers the

fragmentation and transmission of packets larger if there are differences in the MTU and a

packet is larger than what the outgoing media will support. Once a packet has been

fragmented to be sent over a media that will not support the original packet size, the end

station is responsible for the reassembly of the different fragments the original packet

was broken into.

GRE tunnels normally calculate their IP MTU size based on the physical link they will use

as the outgoing interface.

What you see in â€œshow interface Gig Xâ€ is the MTU of the interface and NOT the IP MTU.

In order for you to see the IP MTU you need to use the â€œshow ip interface Gig Xâ€

When the tunnel is created, it deducts the 24-bytes it needs to encapsulate the passenger

protocols and that is the IP MTU it will use.

For example, if we are forming a tunnel over FastEthernet (IP MTU 1500) the IOS calculates

the IP MTU on the tunnel as:

1500-bytes from Ethernet - 24-bytes for the GRE encapsulation = 1476-Bytes

Let me explain this with a simple set up:

Lets say I configure a Tunnel interface and sourcing it via a physical interface which has an MTU of 1500, then the Tunnel

interface will have IP MTU of 1476, leaving space for the 24 byte GRE Header.

In my case, I am sourcing the packets from Gig0/0 which has physical interface of MTU 1500, so when I do a "show ip int Tu0",

You will see that the IP MTU is 1476.

Router#sh run int gi0/0

Building configuration...

Current configuration : 118 bytes

!

interface GigabitEthernet0/0

ip address 10.89.245.253 255.255.255.0

duplex auto

speed auto

media-type rj45

end

Router#sh run int tu0

Building configuration...

Current configuration : 127 bytes

!

interface Tunnel0

ip address 1.1.1.1 255.255.255.252

tunnel source GigabitEthernet0/0

tunnel destination 10.89.245.1

end

Router#sh int gi 0/0

GigabitEthernet0/0 is up, line protocol is up

Internet address is 10.89.245.253/24

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

Router#sh ip int tu 0

Tunnel0 is up, line protocol is up

Internet address is 1.1.1.1/30

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1476 bytes

Now, lets say I lower the IP MTU value on Gi0/0 to 1400, What should be the default new value on the tunnel interface?? You

are absolutely right, 1376 :-)

Router#sh run int gi0/0

Building configuration...

Current configuration : 131 bytes

!

interface GigabitEthernet0/0

ip address 10.89.245.253 255.255.255.0

ip mtu 1400

duplex auto

speed auto

media-type rj45

end

Router#sh ip int tu0

Tunnel0 is up, line protocol is up

Internet address is 1.1.1.1/30

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1376 bytes

Please standby.... More to follow in the second post due to character limitation

Regards,

Arul

** Please rate all helpful posts **

View solution in original post

11 Replies 11

I believe this mtu should be 1476 i.e. 1500-24. 24 bytes are GRE overhead. However, depending upon MTU of interface tunnelled traffic is heading to, it could be 1500 as well.

Thanks.

The default for Tunnel interface is 1514. Please refer the below output from a lab router. You could very well run the same command on your chassis and confirm the default setting.

Router#sh int tu0

Tunnel0 is up, line protocol is down

Hardware is Tunnel

MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

The MTU of the tunnel interface must be less than that of the corresponding

physical interface. The Tunnel MTU is also set according to the MTU of the

"source" interface. You have to be careful if your source interface has a

higher MTU than that of the interfaces between the source and destination. The

fix or implementation of the following bug allows you to set the tunnel MTU:

CSCdk15279

Regards,

Arul

** Please rate if it helps **

Arul, thank you for the explanation however I have another question: what exactly is the 'ip mtu 1500' config doing? When I do a 'sho int t1' as I should have known to do(duh) I still the mtu setting at 1514 as you said. How is that?

/rls

Robert,

Sorry, I spoke too soon. I should have focused on your question, which is "IP MTU" and referred you to the command "show ip interface Tu0" instead of "show interface tu0".

GRE packets are formed by the addition of the original packets and the required GRE

headers. These headers are 24-bytes in length and since these headers are added to the

original frame, depending on the original size of the packet we may run into IP MTU

problems.

Even though the maximum IP datagram has been defined as 64K, most links enforce a smaller

maximum size for the packets. This maximum size is known as MTU (Maximum Transmission

Unit) and as you also know, different types of media have different MTU sizes they can

accommodate and transport. The most common IP MTU is 1500-bytes in length (Ethernet).

The IP implementation, as we know it, provides a mechanism to allow routers the

fragmentation and transmission of packets larger if there are differences in the MTU and a

packet is larger than what the outgoing media will support. Once a packet has been

fragmented to be sent over a media that will not support the original packet size, the end

station is responsible for the reassembly of the different fragments the original packet

was broken into.

GRE tunnels normally calculate their IP MTU size based on the physical link they will use

as the outgoing interface.

What you see in â€œshow interface Gig Xâ€ is the MTU of the interface and NOT the IP MTU.

In order for you to see the IP MTU you need to use the â€œshow ip interface Gig Xâ€

When the tunnel is created, it deducts the 24-bytes it needs to encapsulate the passenger

protocols and that is the IP MTU it will use.

For example, if we are forming a tunnel over FastEthernet (IP MTU 1500) the IOS calculates

the IP MTU on the tunnel as:

1500-bytes from Ethernet - 24-bytes for the GRE encapsulation = 1476-Bytes

Let me explain this with a simple set up:

Lets say I configure a Tunnel interface and sourcing it via a physical interface which has an MTU of 1500, then the Tunnel

interface will have IP MTU of 1476, leaving space for the 24 byte GRE Header.

In my case, I am sourcing the packets from Gig0/0 which has physical interface of MTU 1500, so when I do a "show ip int Tu0",

You will see that the IP MTU is 1476.

Router#sh run int gi0/0

Building configuration...

Current configuration : 118 bytes

!

interface GigabitEthernet0/0

ip address 10.89.245.253 255.255.255.0

duplex auto

speed auto

media-type rj45

end

Router#sh run int tu0

Building configuration...

Current configuration : 127 bytes

!

interface Tunnel0

ip address 1.1.1.1 255.255.255.252

tunnel source GigabitEthernet0/0

tunnel destination 10.89.245.1

end

Router#sh int gi 0/0

GigabitEthernet0/0 is up, line protocol is up

Internet address is 10.89.245.253/24

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

Router#sh ip int tu 0

Tunnel0 is up, line protocol is up

Internet address is 1.1.1.1/30

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1476 bytes

Now, lets say I lower the IP MTU value on Gi0/0 to 1400, What should be the default new value on the tunnel interface?? You

are absolutely right, 1376 :-)

Router#sh run int gi0/0

Building configuration...

Current configuration : 131 bytes

!

interface GigabitEthernet0/0

ip address 10.89.245.253 255.255.255.0

ip mtu 1400

duplex auto

speed auto

media-type rj45

end

Router#sh ip int tu0

Tunnel0 is up, line protocol is up

Internet address is 1.1.1.1/30

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1376 bytes

Please standby.... More to follow in the second post due to character limitation

Regards,

Arul

** Please rate all helpful posts **

.... Continuation from my previous post ***

Router#sh run int gi0/0

Building configuration...

Current configuration : 141 bytes

!

interface GigabitEthernet0/0

mtu 1500

ip address 10.89.245.253 255.255.255.0

ip mtu 1400

duplex auto

speed auto

media-type rj45

end

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

In the above scenario, lets say you try to configure a value of "IP MTU 1380" on the tunnel interface, then the router will

come back with a warning message like "%Warning: MTU set 1380 is greater than default 1376, fragments will happen"

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int tu0

Router(config-if)#ip mtu 1380

%Warning: MTU set 1380 is greater than default 1376, fragments will happen

Router(config-if)#

Now, lets say you went into the physical interface and changed the value to 1200 with the current configuration of IP MTU on

the Tunnel interface set to 1380. What will the value of IP MTU on the Tunnel interface??? You are almost there.... Yes it is 1176 :-)

Router(config)#int gi0/0

Router(config-if)#mtu

Router(config-if)#mtu 1200

Router(config-if)#end

Router#sh run int gi0/0

Building configuration...

Current configuration : 128 bytes

!

interface GigabitEthernet0/0

mtu 1200

ip address 10.89.245.253 255.255.255.0

duplex auto

speed auto

media-type rj45

end

Router#sh int gi0/0

GigabitEthernet0/0 is up, line protocol is up

Internet address is 10.89.245.253/24

MTU 1200 bytes, BW 100000 Kbit, DLY 100 usec,

Router#

Router#sh ip int tu0

Tunnel0 is up, line protocol is up

Internet address is 1.1.1.1/30

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1176 bytes

In your situation, I would focus on the IP MTU on the physical interface and configure the Tunnel interface IP MTU

accordingly. All Cisco documents suggest to change the MTU value on the tunnel interface since the fragmentation happens when the packet reaches it. The reason is if you set the MTU value on the physical interface, you will modify all packets (also those not traversing through the tunnel).

So there is the difference between using it on the physical and on the tunnel.

MTU on the tunnel ----> only affects packets travelling through it

MTU on the phsysical ----> all packets will be affected.

I am also enclosing an excellent URL that discusses this in detail:

http://www.cisco.com/warp/customer/105/pmtud_ipfrag.html#t7

Let me know if you have any additional questions.

Regards,

Arul

** Please rate helpful posts **

Arul, your explanation was excellent! Thanks for taking the time to give such a detailed explanation and example. Your post is a great example of how good these forums can be.

/rls

Response to ajagadee reply from above.

I am not seeing the same results (see below). We have a DMVPN using mGRE tunnels protected by IPSEC.
We are investigating slow repsonse issues and suspect we may have excessive fragmention.
ajagadee stated above the that IOS always factors in the MTU of the GRE and you can confirm this with the
sho ip interface command. See my example below. I removed the tunnel configuration and rebuilt it.
During the configuration phase there is an Warning stating the MTU of 1400 is greater than the current transport
value of 1352. However the show ip interface for tunnel 2 still shows the MTU of 1400

Is there another parameter that may affect the MTU and MSS settings?

Router1(config)#no int t2
Router1(config)#interface Tunnel2
service_policy on dynamic interface is not allowed if there is fair-queue configured on main interface
Router1(config-if)# description GRE tunnel interface to Tempe
Router1(config-if)# bandwidth 1500
Router1(config-if)# ip address 10.2.24.194 255.255.128.0
Router1(config-if)# ip mtu 1400
%Warning: IP MTU value set 1400 is greater than the current transport value 1352, fragmentation may occur
Router1(config-if)# ip pim sparse-mode
Router1(config-if)# ip hello-interval eigrp 65100 10
Router1(config-if)# ip hold-time eigrp 65100 40
Router1(config-if)# ip flow ingress
Router1(config-if)# ip flow egress
Router1(config-if)# ip nat outside
Router1(config-if)# ip nhrp authentication XXXX
Router1(config-if)# ip nhrp map 10.2.0.1 A.B.C.D
Router1(config-if)# ip nhrp map multicast A.B.C.D
Router1(config-if)# ip nhrp network-id XXXX
Router1(config-if)# ip nhrp holdtime 600
Router1(config-if)# ip nhrp nhs 10.2.0.1
Router1(config-if)# ip nhrp registration timeout 30
Router1(config-if)# ip virtual-reassembly in
Router1(config-if)# zone-member security TRUST
Router1(config-if)# ip tcp adjust-mss 1360
Router1(config-if)# ip summary-address eigrp 65100 10.32.248.0 255.255.255.0 5
Router1(config-if)# load-interval 30
Router1(config-if)# if-state nhrp
Router1(config-if)# qos pre-classify
Router1(config-if)# tunnel source GigabitEthernet0/1
Router1(config-if)# tunnel destination A.B.C.D
Router1(config-if)# tunnel key XXXX
Router1(config-if)# tunnel protection ipsec profile iGBN
Router1(config-if)# max-reserved-bandwidth 100
Router1(config-if)# hold-queue 4096 in
Router1(config-if)# hold-queue 4096 out
Router1(config-if)#end
Router1#sho ip int t2

Tunnel2 is up, line protocol is up
Internet address is 10.2.24.194/17
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1400 bytes

Hi Les,

The warning is given to inform you of the potential for fragmentation to occur.

It does not automatically adjust the ip mtu. Nor does it lower the mss of tcp sessions; this value is normally negotiated between end hosts on session setup.

If the maximum transport value is 1352, you should set the ip mtu to match this setting and also reduce the ip tcp adjust-mss accordingly to 1312.

regards,

Leo

Could you please clarify me exactly why the MTU of the tunnel interface must be less than that of the corresponding physical interface?
What could happen otherwise?

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Hopefully Ajagadee will respond to your question on a seven year old post, but in the meantime, maybe the following will help you: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

I appreciated your support!

Thank you very much Joseph!

Regards Ronie

Review Cisco Networking products for a $25 gift card