GRE Tunnel, IPsec, MTU, MSS

aunraza · ‎10-23-2004

Hello:

The scenario is:

We have a gre tunnel configured between our site and the clients site, over IPsec running OSPF. ip mtu is 1476 on the tunnel interfaces on each side.

The problem we are having is:

When the client does an FTP get, its super fast. However, when the client tries to upload a file to our FTP server, it is extremely slow. The FTP server on our side is sitting behind a Cisco Content Service Switch (Load-balancer).

My question is - is it the ip mtu size that is causing issues? What might be configured wrong, or what needs to be configured to fix this problem.

spremkumar · ‎10-25-2004

hi

i hve seen mtu size creating some sort of issues in live networks but not a similar network which u hve mentioned in u r post.

try to increase the mtu size to 1500 and chek out whether the problem has been solved or not..

regds

f14100 · ‎10-26-2004

Hi aunraza!

Is the tunnel path-mtu-discovery option activated on the tunnel interface?

I had the same problem but without Content Service Switch and removed that option. This solved my problem.

bye

aunraza · ‎10-26-2004

Thanks for the replies guys.

Did not have the tunnel pmtud command configured on the tunnel interface. However, the problem was solved once we increased the ip mtu on the tunnel to 1600! 1500 would let packets of 1500-54 through, but not more than that, so we just thought we'd bump it up to 1600. I'm guessing that IPsec was adding additional overhead, and for some reason, fragmentation wasn't working correctly. The 1600 byte mtu allowed for all that to fit in and helped fragmentation work too. Maybe someone else can provide more insight on this.