Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1071
Views
0
Helpful
3
Replies

L2TP MTU nightmare - need help

vanjaburic
Level 1
Level 1

‎04-06-2011 09:52 AM - edited ‎03-06-2019 04:28 PM

We are currently have lots of issues with L2TP over coax (cable modems). Customer complains about applications connection issues, time outs, slow speeds, drops in the middle of file transfer etc...

Here's the current setup:

Customer LAN>Customer's 2811-->Our 1811 (doing L2TP)-->Our Cable modem(basic routing to CMTS)-->Our DTR (L2TP tunnel termination)-->Customers fiber site (VLAN terminated). From their fiber site they allow Internet access.

Basically this is a hub and spoke with fiber site being a hub and spoke sites are all on cox (cable modem connections). L2TP tunnel is being terminated at our DTR and from there back to their fiber site via standard VLAN.

We have isolated that main issue is MTU size. When manipulating MTU and tcp mss on our 1811 and their 2811 things improve, but they still experiencing issues. Also the problem is that we cannot change MTU on any of the switched ports on 1811 (customer facing ports). This is a known Cisco bug. But we can change MTU on routed ports (ports doing L2TP facing our cable modem) and we did increase the MTU on those ports to the max (1600).

I just want to know what would be ideal MTU and tcp mss  settings on our and customer's 2811 for L2TP tunneling? There are som many options and compbinations, I just wanted to see if any Cisco gurus here have any suggestions.

Any help is appreciated

Labels:
0 Helpful
3 Replies 3

Nathan Spitzer
Level 1
Level 1

‎04-06-2011 12:58 PM

Not what you want to hear but there are NO easy answers to this. Most commonly this occurs because firewall admins don't understand that ICMP does much more then ping and just deny all ICMP traffic instead of just ping. This breaks PMTUD and leads to the symtoms you describe. Throw L2TP into the mix and you have trouble.

You should be able to fix it  for TCP traffic by having the router change the TCP MSS size negotiated during the tcp three-way handshake  with the command "ip tcp adjust-mss max-segment-size" on the LAN side of the routers (only one side really needs it). This will adjust the TCP MSS during the three way handshake down. In enviroments with similar problems  I will use a MSS of 1300 and normally that resolves the issue.

0 Helpful

vanjaburic
Level 1
Level 1
In response to Nathan Spitzer

‎04-06-2011 02:09 PM

Nathan,

Thanks for your reply. That certainly makes sense.

So you think I should set mss to 1300 on switched interfaces of my 1811? Interfaces facing the customer. And not globally.  Correct?

0 Helpful

Nathan Spitzer
Level 1
Level 1
In response to vanjaburic

‎04-06-2011 03:55 PM

I believe it needs to be a L3 interface, i.e. it has to have an IP address and be in the path of the TCP three-way handshake. If thats how that interface is setup that will work.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card