Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
858
Views
1
Helpful
2
Replies

MTU size of VTI Tunnel without encryption

Kepler
Level 1
Level 1

‎04-27-2023 03:24 PM

Hi all,

My branch Switch Cisco WS-C3560 cant do NAT therefore traffic goes to the internet through the tunnel.

This tunnel with ISR4321 is without encryption because the branch switches do not support encryption.

Here is no firewall and traffic is not filtering.

In the branch network, I can't browse some of the websites,  but some of them are working for example:
I can ping amazon.com, also I can telnet amazon.com 443, but it is not browsing.

At this time I can browse facebook.com (ping and telnet also works). The same situations are with many other sites. all of them are pinging, resolving by DNS, and telnet works, but not browsing.

Can you tell me please is it problem with MTU? What is the recommended size of MTU in my case? 

Labels:
0 Helpful
2 Replies 2

M02@rt37
VIP
VIP

‎04-29-2023 05:56 AM

Hello @Kepler,

To determine the appropriate MTU size for your network, you can perform a path MTU discovery (PMTUD) test. This involves sending packets with varying sizes and adjusting the MTU accordingly until the largest packet size that can be transmitted without fragmentation is determined.

To do this, you can use the "ping" command with the "-l" option to specify the packet size and the "-f" option to set the "do not fragment" bit. For example:

ping -l 1500 -f www.google.com

If the packet is too large for the network, the ping command will return an error indicating that fragmentation is needed. In this case, you can decrease the packet size and try again until you find the largest size that does not require fragmentation.

Once you have determined the appropriate MTU size, you can configure it on your network devices, including the ISR4321 router and the branch switches, to prevent fragmentation and improve network performance. The recommended MTU size for most networks is 1500 bytes. However, this may vary depending on your specific network configuration and requirements.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MHM Cisco World
VIP
VIP

‎04-29-2023 06:00 AM

Only config ip tcp mss under vti tunnel

Make it 1380 bytes 

0 Helpful
Customers Also Viewed These Support Documents