There is, of course, much more to this than meets the eye, so be careful about setting router and gateway MTU without fully thinking through the theory, analyzing the results with an analyzer, and setting up network monitoring signature triggers to watch for problems in the future. That is why most VPN client software adjusts its MTU to 1300 so that this does not occur. But what if you go through multiple tunnels? Then it becomes a manual hide-and-seek process to arrive at an MTU that works. The performance hit comes from what I call the “two for one blue light packet special”: the overhead of the tunnel header forces two packets across the tunnel for each originating packet. Gateways are not able to respect native DF (Don’t Fragment) bit flags because they are isolated on another OSI model stack interface. Firewalls that block ICMP disable IP’s dynamic Path MTU Discovery, causing fragmentation at VPN and L2TP tunnels and impacting performance.
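To make the "two for one" effect and the multi-tunnel MTU search concrete, here is an added example (not part of the original post) that models IPv4 fragmentation after encapsulation at each tunnel gateway. The header overheads and egress MTUs are constructed sample values, not measurements of any product, and the model assumes every gateway fragments after adding its header and ignores the inner DF bit.

```python
IP_HEADER = 20  # IPv4 header without options


def fragments(packet_len, link_mtu):
    """Sizes (header included) of the IPv4 packets needed to carry
    packet_len bytes over a link with the given MTU."""
    if packet_len <= link_mtu:
        return [packet_len]
    payload = packet_len - IP_HEADER
    # Every fragment except the last carries a multiple of 8 payload bytes.
    per_fragment = (link_mtu - IP_HEADER) // 8 * 8
    sizes = []
    while payload > 0:
        chunk = min(per_fragment, payload)
        sizes.append(chunk + IP_HEADER)
        payload -= chunk
    return sizes


def send(inner_len, tunnels):
    """Packets leaving the last gateway for one originating packet.
    tunnels: list of (header_overhead, egress_mtu), in the order entered."""
    packets = [inner_len]
    for overhead, egress_mtu in tunnels:
        # Each packet (or fragment) is encapsulated, then fragmented if needed.
        packets = [f for p in packets for f in fragments(p + overhead, egress_mtu)]
    return packets


def largest_unfragmented(tunnels, start=1500):
    """Largest originating packet that crosses every tunnel as one packet."""
    for size in range(start, IP_HEADER, -1):
        if len(send(size, tunnels)) == 1:
            return size
    return None


# Constructed sample paths (assumed overheads and MTUs, for illustration only).
ONE_TUNNEL = [(60, 1500)]
TWO_TUNNELS = [(60, 1500), (40, 1500)]
THREE_TUNNELS = TWO_TUNNELS + [(60, 1400)]

if __name__ == "__main__":
    for name, path in [("one", ONE_TUNNEL), ("two", TWO_TUNNELS), ("three", THREE_TUNNELS)]:
        print(name, "tunnel(s): 1500 ->", send(1500, path),
              "| 1300 ->", send(1300, path),
              "| largest safe size:", largest_unfragmented(path))
```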