[AusNOG] GRE Tunnel MTU suggestions

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Wed Jul 2 19:31:22 EST 2014 




----- Original Message -----
> From: Roland Dobbins <rdobbins at arbor.net>
> To: AusNOG at lists.ausnog.net
> Cc: 
> Sent: Tuesday, 1 July 2014 9:32 PM
> Subject: Re: [AusNOG] GRE Tunnel MTU suggestions
> 
> 
> On Jul 1, 2014, at 6:13 PM, Mateusz Viste <nogs at border6.com> wrote:
> 
>>  A "safe" value would be 1400 bytes for your MSS rewriting, but 
> you might be able to get a little bit higher if not using the whole range of 
> features in your GRE headers and/or if you're sure that hosts on both 
> networks use no TCP extensions (but you probably never can be really sure about 
> that).
> 
> 
> 1400 is indeed quite common; also, 1470 and 1476 are often used.
> 


If the majority of traffic is going to be traversing the tunnel, then it can be worth following the rule of "optimising for the common case", and stopping hosts from sending packets that would be too large for the tunnel in the first place, by lowering their interface MTUs to the tunnel's MTU. These days it seems most and in many cases all traffic from hosts is destined to off-link destinations, so loss of throughput on the intra-LAN traffic of all hosts using a lower MTU wouldn't be significant.

I don't know how widely it is supported by DHCPv4 clients and servers, however it is possible to lower an interface's MTU using the RFC2132 "Interface MTU" DHCPv4 option. A google search for 'dhcp rfc mtu option' shows a number of links suggesting it might be widely supported. Hosts that don't support it would need to have it manually set, otherwise you may get hosts that set their Maximum Receive Unit size to their Maximum Transmit Unit dropping large frames (MRU may not be an explicit thing, however it might be possible that when an interface's MTU is lowered, the host also either programs the NIC to reject received frames larger than the configured MTU, or rejects them when the NIC hands them to the OS for further processing).

For IPv6, you'd use the MTU option in your RAs. Should be universally supported, as it is part of the IPv6 specifications. (And you're using RAs, as you should be? http://www.users.on.net/~markachy/IPv6_RAs_Mostly_Necessary.pdf)






> ----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // 
> <http://www.arbornetworks.com>
> 
>                    Equo ne credite, Teucri.
> 
>                      -- Laocoön
> 
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>

More information about the AusNOG mailing list