[AusNOG] GRE Tunnel MTU suggestions
Mateusz Viste
nogs at border6.com
Tue Jul 1 21:13:55 EST 2014
Hi,
IIRC the GRE header is somewhere between 8 and 32 bytes, depending on
the extensions used. So I would advise first checking exactly what
header size your GRE packets have (easily done with tcpdump + wireshark).
About MSS: there is no point in setting it at the MTU value, it should
be lower, as it have to account for TCP/IP headers, too. Therefore the
calculation would be:
$YOUR_MSS = 1500 - ($YOUR_GRE_OVERHEAD + 20 + 20)
Note: I counted 20 bytes for the TCP header, but it *might* be more if
you have some hosts that use additional options (the TCP timestamp
option comes to mind, that would eat up as much as 10 additional bytes
of your MSS) - I see most linux machines use this TCP extension
nowadays... Also, TCP stacks like to pad options with a few NOPs sometimes.
A "safe" value would be 1400 bytes for your MSS rewriting, but you might
be able to get a little bit higher if not using the whole range of
features in your GRE headers and/or if you're sure that hosts on both
networks use no TCP extensions (but you probably never can be really
sure about that).
cheers,
Mateusz
On 07/01/2014 08:56 AM, Joseph Goldman wrote:
> Hi List,
>
> Setting up a GRE tunnel for a customer and would appreciate a bit of
> input.
>
> I can successfully push 1500byte packets with df-bit set between the 2
> endpoints (1501 fails), so it is a full mtu of 1500.
>
> I'd like to set an ip mtu on the tunnel and an ip tcp adjust-mss.
> Obviously I can't use 1500 as we have to account for GRE, so I'd like to
> know the best suggestions for an MTU, and if its worth setting the MSS
> at the same size as the MTU or if I should lower the MSS adjust and if
> so by how much?
>
> Note: IPSec is not used on top, just GRE.
>
> Thanks,
> Joe
More information about the AusNOG
mailing list