Re: gre tunnel MTU adjustment

On Thu, 2003-05-15 at 09:40, Jeff S Wheeler wrote:
> Dear List,
> I have a GRE tunnel setup between a debian linux/zebra router at my
> co-lo and my home office.  This allows me to have a /27 without coughing
> up $7/IP to the local cable monopoly.  There are no other broadband IP
> options available.
> My problem is I can't raise the MTU on the intermediate links over which
> the tunneled packets must travel, thus the MTU of my GRE tunnel is less
> than 1500.  Many popular Internet sites, including paypal, hotmail,
> portions of Yahoo, and my beloved friendster, have utterly broken Path
> MTU Detection.  The problem is wide-spread, and I don't think these
> sites are going to correct their problem or disable PMTUd on their
> servers, load balancers, and whatnot.
> Cisco routers have the ability to fragment and reassemble IP packets
> traversing GRE tunnels in order to effectively increase the tunnel MTU. 
> The command syntax is e.g. `ip mtu 1500` in interface configuration.
> Is similar functionality available on linux?  If not, can someone with
> iptables clue give me an example of how to disable the IP Don't-Fragment
> bit on ip packets that are being routed to my tunnel, allowing them to
> be fragmented even though the transmitting TCP stack has set DF?
> Kind thanks,


I use a GRE tunnel between my DSL connection at home and the network of
the ISP I work for. I use this iptables line in my setup, which fixes
the MTU for all outgoing packets:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp

Works just fine...


Teun Vink
BOFH excuse #382: Someone was smoking in the computer room and set off
the halon systems.
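
Added example, not part of the original message: a Python model of what the TCPMSS clamp in the rule above does to a forwarded SYN, lowering the MSS option to the path MTU minus 40 and patching the TCP checksum incrementally (RFC 1624). The 1476-byte path MTU (1500 minus 24 bytes of outer IPv4 + GRE header), the function names and the sample segment are assumptions made for illustration.

```python
import struct

IP_TCP_HEADERS = 40   # inner IPv4 header (20) + TCP header (20), no options

def fold(s):
    """Fold carries back into 16 bits (one's-complement addition)."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def swap_if_odd(v, offset):
    """A 16-bit value at an odd offset straddles two checksum words: byte-swap it."""
    return v if offset % 2 == 0 else ((v & 0xFF) << 8) | (v >> 8)

def clamp_mss(tcp, path_mtu):
    """Return the TCP segment with its SYN MSS option lowered to path_mtu - 40."""
    seg = bytearray(tcp)
    if seg[13] & 0x06 != 0x02:                 # same match as --tcp-flags SYN,RST SYN
        return bytes(seg)
    limit = path_mtu - IP_TCP_HEADERS
    i, end = 20, (seg[12] >> 4) * 4            # options sit between byte 20 and data offset
    while i < end and seg[i] != 0:             # kind 0 = end of option list
        if seg[i] == 1:                        # kind 1 = NOP, one byte long
            i += 1
            continue
        length = seg[i + 1] if i + 1 < end else 0
        if length < 2 or i + length > end:     # malformed option: leave the segment alone
            break
        if seg[i] == 2 and length == 4:        # kind 2 = MSS
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old > limit:                    # the clamp only lowers, never raises
                struct.pack_into("!H", seg, i + 2, limit)
                # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
                hc = struct.unpack_from("!H", seg, 16)[0]
                s = fold((~hc & 0xFFFF) + (~swap_if_odd(old, i) & 0xFFFF)
                         + swap_if_odd(limit, i))
                struct.pack_into("!H", seg, 16, ~s & 0xFFFF)
            break
        i += length
    return bytes(seg)

# Constructed sample: SYN from port 40000 to port 80, data offset 6 (24 bytes),
# checksum field left at zero, single option MSS = 1460 (0x05B4).
SAMPLE_SYN = (struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x60, 0x02, 65535, 0, 0)
              + bytes([2, 4, 0x05, 0xB4]))

if __name__ == "__main__":
    clamped = clamp_mss(SAMPLE_SYN, 1476)      # assumed GRE tunnel path MTU
    print("MSS after clamp:", struct.unpack_from("!H", clamped, 22)[0])
```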