IP MTU & Fragmentation over L2TP

Posted on 2010-01-10
Last Modified: 2013-11-29
Hi all,

We have a site router connecting over a 3G Carrier Network via L2TP/VPDN into our Cisco 7204 LNS Router to forward onto the customer network.

All sessions connecting OK and pings from site to customer data-centre OK.

However, we have found that when packets of size 1464 are sent from the site to the data-centre, then the ping fails.  Packet size 1456 works OK.

According to the customer, they can see the ping request hit the destination server in the data-centre which then replies.  But the site never receives the reply from the server in the data-centre back across the L2TP link.

All Ethernet links are default MTU 1500

We are being asked if the LNS Router is causing this, so need to prove if it is or not.

Any help would be greatly appreciated.

Cheers

Stephen
Question by:DScouser
8 Comments
 
LVL 21

Accepted Solution

by:
Rick_O_Shay earned 750 total points
ID: 26278515
The encryption protocols use up bytes for their packet headers so the payload size does get reduced accordingly. A 1456 payload size sounds about right.
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 26278531
Forgot to add that unless fragmenting isn't being allowed it shouldn't cause a problem. It will just chop the larger packets up into the required number of smaller fragments. In the case you talked about it sounds like fragmenting isn't being allowed.
0
 
LVL 17

Assisted Solution

by:rochey2009
rochey2009 earned 750 total points
ID: 26279108
Hi,

http://www.cisco.com/en/US/tech/tk801/tk703/technologies_tech_note09186a0080094c4f.shtml#tcp_mss

You could try reducing the tcp mss automatically for tcp connections over the link

ip tcp adjust-mss <max seg size>

can be used at the interface level. You'll need to calculate the correct tcp max segment size for the link taking into consideration the size of the l2tp header etc.
0

Author Comment

by:DScouser
ID: 26282157
Thanks for the replies up to now, the connection is UDP
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 26282400
Hi,

You could try clearing the DF bit in the ip header so that the router will be allowed to fragment the ip packets.

The very last section of the following document shows you how to clear the DF bit.

http://www.cisco.com/en/US/tech/tk801/tk703/technologies_tech_note09186a0080094c4f.shtml#tcp_mss
0
 

Author Comment

by:DScouser
ID: 26282864
Thanks, I tried that yesterday, created the route-map and applied the policy to the incoming ethernet interface from the customer network.

From "show ip traffic" command, I do not see ICMP unreachables being sent from the LNS, I'm under the impression that if the LNS was dropping the packet, it would send an ICMP code 4 back.
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 26285364
When you're doing the pings, are you setting the DF bit in the packet? When you set the DF bit, what is the limit on packet size before you receive the icmp error?
0
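The header arithmetic behind the `ip tcp adjust-mss` suggestion and the DF-bit size sweep asked about above, as an added example that is not code from any poster in this thread. The function names are hypothetical, the L2TP/PPP header options are assumed defaults, and the "path" is a constructed simulation standing in for real DF-set pings.

```python
# Added example, not code from the thread. Sizes are inner IP datagram sizes in bytes.
OUTER_IP, UDP, INNER_IP, TCP = 20, 8, 20, 20  # IPv4 and TCP headers without options

def l2tp_overhead(length_field=True, sequencing=False, ppp_addr_ctrl=True):
    """Bytes an L2TP-over-UDP tunnel adds in front of each inner IP packet."""
    # RFC 2661 data header: flags/version, tunnel ID, session ID = 6 bytes,
    # plus optional Length (2) and Ns/Nr (4). Defaults here are assumptions.
    l2tp = 6 + (2 if length_field else 0) + (4 if sequencing else 0)
    ppp = 2 + (2 if ppp_addr_ctrl else 0)  # protocol field, plus address/control
    return OUTER_IP + UDP + l2tp + ppp

def tunnel_mtu(link_mtu=1500, **header_opts):
    """Largest inner IP packet that fits one unfragmented outer packet."""
    return link_mtu - l2tp_overhead(**header_opts)

def mss_for(mtu):
    """Candidate value for `ip tcp adjust-mss` on a path with this MTU."""
    return mtu - INNER_IP - TCP

def make_path(mtu, sends_icmp):
    """Constructed stand-in for a DF-set ping across one bottleneck hop."""
    def probe(size):
        if size <= mtu:
            return "reply"
        # Oversized with DF set: the hop either reports ICMP type 3 code 4
        # or drops silently (the error is never sent, or is filtered on the way).
        return "frag-needed" if sends_icmp else "timeout"
    return probe

def sweep(probe, lo=576, hi=1500):
    """Binary-search the largest DF-set size that still gets a reply.

    Assumes probe(lo) succeeds. Returns (largest_ok, failure_seen_above_it).
    """
    failure = None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        result = probe(mid)
        if result == "reply":
            lo = mid
        else:
            hi, failure = mid - 1, result
    return lo, failure

if __name__ == "__main__":
    mtu = tunnel_mtu()
    print("overhead", l2tp_overhead(), "tunnel MTU", mtu, "MSS", mss_for(mtu))
    for sends_icmp in (True, False):
        print(sweep(make_path(mtu, sends_icmp)))
```

A "timeout" result above the largest working size means the sender gets no path-MTU signal, so DF-set traffic larger than that size is lost without any error.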
 

Author Closing Comment

by:DScouser
ID: 31675205
completed, thanks all
0
