DScouser


IP MTU & Fragmentation over L2TP

Hi all,

We have a site router connecting over a 3G Carrier Network via L2TP/VPDN into our Cisco 7204 LNS Router to forward onto the customer network.

All sessions connecting OK and pings from site to customer data-centre OK.

However, we have found that when packets of size 1464 are sent from the site to the data-centre, then the ping fails. Packet size 1456 works OK.

According to the customer, they can see the ping request hit the destination server in the data-centre which then replies. But the site never receives the reply from the server in the data-centre back across the L2TP link.

All Ethernet links are default MTU 1500

We are being asked if the LNS Router is causing this, so need to prove if it is or not.

Any help would be greatly appreciated.

Cheers

Stephen
ASKER CERTIFIED SOLUTION
Rick_O_Shay
Forgot to add that unless fragmenting isn't being allowed it shouldn't cause a problem. It will just chop the larger packets up into the required number of smaller fragments. In the case you talked about it sounds like fragmenting isn't being allowed.
DScouser

ASKER

Thanks for the replies up to now, the connection is UDP

Hi,

You could try clearing the DF bit in the IP header so that the router will be allowed to fragment the IP packets.

The very last section of the following document shows you how to clear the DF bit.

http://www.cisco.com/en/US/tech/tk801/tk703/technologies_tech_note09186a0080094c4f.shtml#tcp_mss

Thanks, I tried that yesterday, created the route-map and applied the policy to the incoming Ethernet interface from the customer network.

From "show ip traffic" command, I do not see ICMP unreachables being sent from the LNS, I'm under the impression that if the LNS was dropping the packet, it would send an ICMP code 4 back.

When you're doing the pings, are you setting the DF bit in the packet? When you set the DF bit, what is the limit on packet size before you receive the ICMP error?

completed, thanks all
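
The DF-bit ping test asked about in the thread, as an added example that is not part of the original posts: a binary search for the largest ICMP payload that still gets a reply with DF set. It assumes a Linux host with iputils `ping` (where `-M do` sets DF and forbids local fragmentation); the function names are illustrative, and the 1472-byte upper bound is 1500 minus the 20-byte IPv4 and 8-byte ICMP headers.

```shell
#!/usr/bin/env bash
# Added example: locate the largest DF-set ping that crosses the path.
# Assumption: Linux iputils ping; -M do sets DF, -s is the ICMP payload size.

# probe HOST PAYLOAD -> exit status 0 if one echo reply came back.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_df_payload HOST [LOW] [HIGH]
# Binary search between LOW (must pass) and HIGH for the largest payload
# that is answered. Prints that payload; returns 1 if even LOW fails.
find_max_df_payload() {
    local host="$1" low="${2:-0}" high="${3:-1472}" mid
    probe "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if probe "$host" "$mid"; then
            low=$mid            # mid passed: the limit is at or above mid
        else
            high=$(( mid - 1 )) # mid failed: the limit is below mid
        fi
    done
    echo "$low"
}

# ip_size PAYLOAD -> total IPv4 datagram size for that ICMP payload
# (20-byte IPv4 header without options + 8-byte ICMP header).
ip_size() {
    echo $(( $1 + 28 ))
}

# Run only when a target host is given on the command line.
if [ -n "${1:-}" ]; then
    max=$(find_max_df_payload "$1") || {
        echo "no reply even at the smallest size" >&2
        exit 1
    }
    echo "largest DF payload: $max bytes (IP datagram $(ip_size "$max") bytes)"
fi
```

Running it in each direction (site to data-centre and back) shows which side the size limit applies to; a silent failure with no ICMP "fragmentation needed" reply is itself a finding to record.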