MTU Packet size, VPN with Active Directory
Posted on 2007-04-06
I have a Windows 2003 network with a mix of 2003 and 2000 domain controllers. There are branch offices connected to the LAN via a VPN. Recently this VPN was upgraded from Pick boxes to Cisco 1720, and since then Active Directory replication has been troublesome at best. I tested the max packet size with ping: 1472 gets fragmented, and 1380 is the max size which can go through without fragmentation.
The current packet size is the default of 1472. There are about 15 DCs in the domain. I spoke to the router vendor, who reports that he cannot increase the packet size because of the tunnel and the encryption he is using.
Just a few questions:
1) If I make no changes, what actions will AD take? Will it try 1472 and then scale down to the largest non-fragmented packet size, or will it fragment the packet, and what would the effect of this be?
2) Do I need to edit the registry on each DC to set the 1380 packet size?
3) Are there any tools which can help determine if the AD replication packets are being fragmented as currently configured? I know I can use ping to determine the max non-fragmented size, but can I see what AD is doing?
4) What would be the recommended solution to what is going on here?