IP MTU & Fragmentation over L2TP

Hi all,

We have a site router connecting over a 3G Carrier Network via L2TP/VPDN into our Cisco 7204 LNS Router to forward onto the customer network.

All sessions connecting OK and pings from site to customer data-centre OK.

However, we have found that when packets of size 1464 are sent from the site to the data-centre, the ping fails. Packet size 1456 works OK.

According to the customer, they can see the ping request hit the destination server in the data-centre, which then replies. But the site never receives the reply from the server in the data-centre back across the L2TP link.

All Ethernet links are default MTU 1500.

We are being asked if the LNS Router is causing this, so need to prove if it is or not.

Any help would be greatly appreciated.

Cheers

Stephen
DScouser asked:

Rick_O_Shay commented:
The encryption protocols use up bytes for their packet headers so the payload size does get reduced accordingly. A 1456 payload size sounds about right.
Rick_O_Shay commented:
Forgot to add that unless fragmenting isn't being allowed it shouldn't cause a problem. It will just chop the larger packets up into the required number of smaller fragments. In the case you talked about it sounds like fragmenting isn't being allowed.

rochey2009 commented:
Hi,

http://www.cisco.com/en/US/tech/tk801/tk703/technologies_tech_note09186a0080094c4f.shtml#tcp_mss

You could try reducing the TCP MSS automatically for TCP connections over the link:

ip tcp adjust-mss <max seg size>

can be used at the interface level. You'll need to calculate the correct TCP maximum segment size for the link, taking into consideration the size of the L2TP header etc.

DScouser (Author) commented:
Thanks for the replies up to now, the connection is UDP.

rochey2009 commented:
Hi,

You could try clearing the DF bit in the ip header so that the router will be allowed to fragment the ip packets.

The very last section of the following document shows you how to clear the DF bit.

http://www.cisco.com/en/US/tech/tk801/tk703/technologies_tech_note09186a0080094c4f.shtml#tcp_mss
DScouser (Author) commented:
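To put numbers on the two suggestions above (calculating the MSS for `ip tcp adjust-mss`, and what clearing the DF bit changes), here is an added worked example that is not part of the original thread. It models an LNS forwarding an inner IP packet into an L2TP/UDP/IPv4 tunnel; the header sizes (L2TPv2 with Length field, 4-byte PPP header, no IP options) and the 1500-byte path MTU are assumptions, not values confirmed by the thread.

```python
"""Model of the LNS fragmentation decision for packets entering an
L2TP tunnel.  Added example; header sizes below are assumptions."""
from dataclasses import dataclass
from math import ceil
from typing import Optional

# Per-layer overhead of a PPP frame carried in L2TPv2 over UDP/IPv4 (bytes).
L2TP_OVERHEAD = {
    "outer_ipv4": 20,   # assumed: no IP options
    "udp": 8,
    "l2tp": 8,          # assumed: L2TPv2 header with Length field present
    "ppp": 4,           # assumed: address/control + protocol, no ACFC/PFC
}
IPV4_HDR = 20
TCP_HDR = 20


def tunnel_mtu(path_mtu=1500, overhead=L2TP_OVERHEAD):
    """Largest inner IP datagram that fits in one outer datagram."""
    return path_mtu - sum(overhead.values())


def adjust_mss(path_mtu=1500, overhead=L2TP_OVERHEAD):
    """Value for 'ip tcp adjust-mss': tunnel MTU minus inner IP+TCP headers."""
    return tunnel_mtu(path_mtu, overhead) - IPV4_HDR - TCP_HDR


@dataclass
class Verdict:
    action: str            # "forward", "fragment" or "drop"
    fragments: int = 1
    icmp: Optional[str] = None


def forward(inner_len, df, path_mtu=1500, overhead=L2TP_OVERHEAD):
    """Decide what the LNS does with an inner IPv4 packet of inner_len bytes."""
    mtu = tunnel_mtu(path_mtu, overhead)
    if inner_len <= mtu:
        return Verdict("forward")
    if df:
        # DF set: the router must not fragment, so it drops the packet and
        # reports "fragmentation needed" with the MTU it could have used.
        return Verdict("drop", 0, f"ICMP type 3 code 4, next-hop MTU {mtu}")
    # DF clear (e.g. after a route-map clears it): fragment.  Fragment
    # offsets are in 8-byte units, so per-fragment payload rounds down.
    payload = (mtu - IPV4_HDR) // 8 * 8
    return Verdict("fragment", ceil((inner_len - IPV4_HDR) / payload))
```

With these assumed header sizes the threshold lands between the 1456 and 1464 sizes from the question, and a 1464-byte packet with DF set is the case that produces no reply but should produce a type 3 code 4 unreachable from whichever hop drops it.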
Thanks, I tried that yesterday, created the route-map and applied the policy to the incoming Ethernet interface from the customer network.

From the "show ip traffic" command, I do not see ICMP unreachables being sent from the LNS. I'm under the impression that if the LNS was dropping the packet, it would send an ICMP code 4 back.

rochey2009 commented:
When you're doing the pings, are you setting the DF bit in the packet? When you set the DF bit, what is the limit on packet size before you receive the ICMP error?

DScouser (Author) commented:
Completed, thanks all.