MTU over DMVPN and MPLS

Hello All,
I have a query regarding MTU over both DMVPN and MPLS.
I have been running the following command from a windows box
ping x.x.x.x -f -l yyy     (yyyy being the buffer size) and x.x.x.x being my remote hosts
I am using the same destination host and have two different paths to it. One over MPLS and one over a DMVPN.
I would have expected to be able to send packets with a higher MTU over the MPLS but for both MPLS and DMVPN the maximum packet size I can send with the DF bit set is the same  (1372).
Is this normal behaviour? I though MPLS would have less overhead, so my maximum packet size would be higher in my tests

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Generally, MPLS supports an increased MTU, when adding MPLS labels, while VPN tunnels, like DMVPN, don't exceed original MTU, and so, it reduces payload space.  So, normally, you should see larger ping buffer DF support across MPLS than DMVPN.  However, "normal" can be very much impacted by actual device configurations, including making MTU for DF packets the same for either MPLS or DMVPN.  (For example, you might want to make the two paths alike so flows that for any reason need to be redirect from one media path to the other see a consistent MTU.)

Similar Messages

  • DMVPN and Eigrp SIA issues

    I have over 250 sites in a hub-and-spoke desing, each remote site has a frame-relay and an IPSec tunnel to the office, we are running Eigrp but ever since we deployed DMVPN we've been getting many SIA messages...is this a normal behavior for a DMVPN design? should I just decrease how often EIGRP queries are sent or increase EIGRP timers, or should I just leave it alone...has anyone seen DMVPN in over 200 sites working flawlessly using eigrp? just curious...

    GTS = Generic Traffic Shaping.
    We just use the easier to use, traffic-shape rate command, but the likely cisco answer would be to create policy-map/class-maps for the tunnel interfaces.
    Our Tunnel interfaces have the following additional commands. cut-edited-paste.
    Site with a T1
    interface Tunnel111
    description VPN sitea to siteb
    bandwidth 1536
    ip unnumbered Loopback0
    ip access-group whattoblockin in
    ip access-group whattoblockout out
    ip mtu 1600
    ip hello-interval eigrp 111 2
    ip hold-time eigrp 111 8
    ip pim sparse-mode
    ip route-cache flow
    ip tcp adjust-mss 1280
    load-interval 30
    delay 1001
    traffic-shape rate 1536000 8192 8192 2048
    cdp enable
    tunnel source a.a.a.a
    tunnel destination b.b.b.b
    end
    The traffic-shape command is just there to keep the outside interface from being over run and dropping packets after encryption. This isn't "QOS" by Cisco's book, but when we implemented this, Cisco didn't have a pre-qualify that worked properly with DMVPN.
    If we start having problems with a site having heavy utilization, we'll change the traffic-shape statement to smooth out the traffic and control the heavy users. (refer to effects of WFQ).
    Do a search for WFQ and GTS on Cisco.com
    (oh, and if anyone tells you that the ip mtu command is a bad idea, tell 'em to stick it in their ear...)
    Rob

  • IPX and MPLS

    I am begining to implement an MPLS network. I have several sites that are using Novell 4.1 servers that are using IPX. At present I am using EIGRP and Frame Relay with some Point to Point connections. When I move all of these sites over to the MPLS network, what am I going to have to do to keep the IPX working between these servers.
    Will IPX run on MPLS? Or will MPLS encapsulate the IPX Packet in IP?
    Some of these servers cannot be upgraded to the Novell 5.0 or 5.1 using IP.

    It's kind of funny the "MP" in MPLS still needs some time. I doubt we will see anything for carrying IPX natively inside MPLS, mainly because the demand isn't there in the service provider space.
    There are emerging standards for bridging layer 2 inside MPLS - particularly VPLS. That may be an option, but it's not clear what platforms are supporting it right now as the standard is still in draft.
    For the short-term, certainly upgrading to nate IP is most desirable. If that's not feasable, then GRE tunnels will work well with a small number of servers.
    (Tunnels are point-to-point = n-squared)

  • Pseudowire over Traffic Enginnering MPLS

    I think i have asked a similar question under MPLS..
    But anyway has anyone used Pseudowire over Traffic Enginnering MPLS?
    What i would like to do is setup the MPLS TE using OSPF, built layer 3 tunnels between sites and then use Pseudowire to extend vlans over the TE MPLS tunnels and isolate the vlans using VRF-Lite.
    Advice pls..
    Francisco

    Hi Francisco,
    You can map a PW to a MPLS-TE tunnel via the PW-class:
    pseudowire-class TE
    encapsulation mpls
    preferred-path interface Tunnel0
    interface Ethernet0/0
    xconnect 1.1.1.1 10 pw-class TE
    HTH
    Laurent.

  • Problem running DMVPN and IPSec VPN at the same time

    I have a hub-spoke VPN network: 2 hub routers are 7206 VXR and remote routers are 2800. Each hub router has had number of point-to-point IPSec+GRE tunnels configured and running with remote sites. I'm now adding DMVPN between each hub router and a few other remote sites. The DMVPN is running fine between hub and spokes, but somehow it caused all the eixsting point-to-point IPSec tunnels drop. Here are some details:
    1) Hub DMVPN config:
    crypto isakmp key MYKEY address 12.12.12.12
    crypto ipsec profile DMVPN
    set transform-set DM
    interface Tunnel1
    ip address 192.168.1.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    ip nhrp holdtime 600
    tunnel source G0/0
    tunnel mode gre multipoint
    tunnel protection ipsec profile DMVPN
    router eigrp 1
    no passive-interface Tunnel1
    2) Spoke DMVPN config:
    crypto ipsec profile DMVPN
    set transform-set DM
    crypto isakmp key MYKEY address 14.14.14.14
    interface Tunnel1
    ip address 192.168.1.2 255.255.255.0
    ip mtu 1400
    ip nhrp map 192.168.1.1 14.14.14.14
    ip nhrp map multicast 14.14.14.14
    ip nhrp network-id 1
    ip nhrp holdtime 600
    ip nhrp nhs 192.168.1.1
    tunnel source G0/0
    tunnel destination 14.14.14.14
    tunnel protection ipsec profile DMVPN
    3) When DMVPN is up, hub router existing IPSec tunnels are shown ISAKMP failure.
    Hub# show crypto isakmp sa
    14.14.14.14     20.20.20.20 MM_NO_STATE       1508    0 ACTIVE (deleted)
    4) After I shut down interface Tunnel1, existing IPSec tunnels are coming back. ISAKMP SA shows QM_IDLE state.
    Have anyone seen similar issues between DMVPN and traditional point-to-point IPSec+GRE tunnels on the same router?
    Thanks a lot

    I have a hub-spoke VPN network: 2 hub routers are 7206 VXR and remote routers are 2800. Each hub router has had number of point-to-point IPSec+GRE tunnels configured and running with remote sites. I'm now adding DMVPN between each hub router and a few other remote sites. The DMVPN is running fine between hub and spokes, but somehow it caused all the eixsting point-to-point IPSec tunnels drop. Here are some details:
    1) Hub DMVPN config:
    crypto isakmp key MYKEY address 12.12.12.12
    crypto ipsec profile DMVPN
    set transform-set DM
    interface Tunnel1
    ip address 192.168.1.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    ip nhrp holdtime 600
    tunnel source G0/0
    tunnel mode gre multipoint
    tunnel protection ipsec profile DMVPN
    router eigrp 1
    no passive-interface Tunnel1
    2) Spoke DMVPN config:
    crypto ipsec profile DMVPN
    set transform-set DM
    crypto isakmp key MYKEY address 14.14.14.14
    interface Tunnel1
    ip address 192.168.1.2 255.255.255.0
    ip mtu 1400
    ip nhrp map 192.168.1.1 14.14.14.14
    ip nhrp map multicast 14.14.14.14
    ip nhrp network-id 1
    ip nhrp holdtime 600
    ip nhrp nhs 192.168.1.1
    tunnel source G0/0
    tunnel destination 14.14.14.14
    tunnel protection ipsec profile DMVPN
    3) When DMVPN is up, hub router existing IPSec tunnels are shown ISAKMP failure.
    Hub# show crypto isakmp sa
    14.14.14.14     20.20.20.20 MM_NO_STATE       1508    0 ACTIVE (deleted)
    4) After I shut down interface Tunnel1, existing IPSec tunnels are coming back. ISAKMP SA shows QM_IDLE state.
    Have anyone seen similar issues between DMVPN and traditional point-to-point IPSec+GRE tunnels on the same router?
    Thanks a lot

  • Since downloading ios5 on my iphone 4 the capacity guage in itunes shows other as over 21Gb and i can no longer fit any music on it. How do I get rid of the other stuff? other

    Since downloading ios5 on my iphone 4 a few days ago, the capacity guage in itunes shows "other" as over 21Gb and i can no longer fit any music on my iphone.
    How do I get rid of the other stuff?
    capacity available on 32 Gb iphone is 28.49Gb
    i previously had 21.97 Gb music, over 6 Gb photos, about 1Gb of apps, and minute amount of audio
    now i have no music, 5.4 Gb photos and similar (0.8Gb) for  apps and audio. i have deleted heaps of photos and unused apps to try to make space but obviosly this is a much bigger problem. I also created a smaller music folder on itunes to sync to but at present no music is selected for syncing due to the lack of available space.
    i have 15Gb icloud account now also which is about half full.
    Ive done a little research and heard similar tales but with much smaller other totals than this. Can you help?
    i cant update my apps as i get a message saying i do not have enough available space.

    I had the same problem today and was able to resolve it without having to do a restore or reset. The problem had something to do with my mail accounts. The upgrade reset my mail settings, switching both my gmail and my .mac mail to "archive all mail". I went into the General Settings, disabled that setting, and resynced the phone. The "other" storage allottment dropped back down to less than a gig.
    Before you restore or reset, I would try that first.

  • Hi there has been someone on my game clash of clans on my iPad and have spent over £50 and I need the money back what can I do?

    Hi there has been someone on my game clash of clans on my iPad and have spent over £50 and I need the money back what can I do?

    Hello Vaidas Vaidas,
    It sounds like you are noticing someone else is accessing your Clash of Clans data by playing the game and you have tried to reset your Apple ID password. If you are following the steps outlined in this article:
    Apple ID: Changing your password
    http://support.apple.com/kb/ht5624
    What is preventing you from changing your password? Any error messages or prompts?
    Thank you for using Apple Support Communities.
    All the best,
    Sterling

  • HT4623 My iPad will not update to 5 at all. I don't even have the option of software update in settings. I've tried to update over iTunes and it doest work there either.

    My iPad will not update to 5 at all. I don't even have the option of software update in settings. I've tried to update over iTunes and it doest work there either.

    If you have an iPad 1, the max iOS is 5.1.1. For newer iPads, the current iOS is 6.1. The Settings>General>Software Update only appears if you have iOS 5.0 or higher currently installed.
    iOS 5: Updating your device to iOS 5 or Later
    http://support.apple.com/kb/HT4972
    How to install iOS 6
    http://www.macworld.com/article/2010061/hands-on-with-ios-6-installation.html
    iOS: How to update your iPhone, iPad, or iPod touch
    http://support.apple.com/kb/HT4623
    If you are currently running an iOS lower than 5.0, connect the iPad to the computer, open iTunes. Then select the iPad under the Devices heading on the left, click on the Summary tab and then click on Check for Update.
    Tip - If connected to your computer, you may need to disable your firewall and anitvirus software temporarily.  Then download and install the iOS update. Be sure and backup your iPad before the iOS update. After you update an iPad (except iPad 1) to iOS 6.x, the next update can be installed via wifi (i.e., not connected to your computer).
     Cheers, Tom

  • I am not able to access my photos through the photo application... when I click on the photo app, I can see the camera roll but a transparent album screen is over it and I cannot click on the photos to see it... can any one please help ???

    I am not able to access my photos through the photo application... when I click on the photo app, I can see the camera roll, but a transparent "album" screen is over it and I cannot click on the photos to see it... can any one please help ???

    Known bug.  Quit the Camera App, double-tap the home key and delete Camera from the recent apps bar. Fire it up again, should be good.

  • Mobile Data was racking up enormous over-charges and nobody at Verizon can tell me why.

    I was using a "Jet Pack" mobile hotspot so I could access the internet on my laptop out and about and mainly to monitor traffic during my commute. My Jet Pack contract ended and coincidentally my cell phone was eligible for the next upgrade. So I upgraded to the Samsung Galaxy 3 with the intention of using the 'Mobile Hotspot" feature on the new phone. I assumed that this feature would be identical to the Jet Pack as far as my data usage. Note that I occasionally upload photos and videos from the Jet Pack and I am familiar with how much data is used when I upload a video. If I upload too many videos it will cause my data to exceed my plan allowances. I think I may have exceeded my data allowances 1 or 2 times during my contract period when I was using the Jet Pack. The times that I did exceed my data allowance were minimal over-charges less than $50. So off goes the Jet Pack and on comes the Samsung Galaxy 3 using the "Mobile Hotspot" feature on the phone instead of the Jet Pack. During my first billing cycle with my new phone that I barely knew how to use, I began to use the mobile hotspot in the same routine as my Jet Pack. I did upload a few videos knowing that I might exceed my  plan a "little bit"....maybe by 1 or 2 GB over.  I received notification that I had exceeded my allowance and I immediately called to see why. I was shocked to see that I had used up a full 10GB which is WAY more than I had ever used with my Jet Pack. So I thought to myself that maybe the videos I uploaded were too long and I just didn't realize it. So I asked for an additional 2GB of data to get me through the billing cycle. I was told that it would only cost $20 more. I immediately decreased my data usage down to just using the Mobile Hotspot feature only.....no video uploading for the remainder of the billing cycle. I was sure that I would be fine after adding the additional 2BG. Then after a couple weeks I receive my bill and I am being charged over 19GB !!!!  And my overcharges are $150. I was shocked. I immediately called and spent a long time on the phone with several different Verizon reps over the phone. I spoke to at least 2 managers as well. I was able to beg for about a $45 credit. They all were very sympathetic but would not budge on refunding me any more. I reviewed my usage on My Verizon and I am baffled how I am being charged all this data!!!  Nobody can give me any details on what I may have done to use up that much data. They can't even tell me what the data was used for. What was I doing or not doing that used up all this data?  I was reviewing my data usage and I was being charged data 24/7!!! I saw data being used at 3AM when I am asleep!!! HOW CAN THIS BE??? I am EXTREMELY unhappy with Verizon for allowing this to happen and FAILING to give me an accurate and detailed explanation of how this may have happened and what exactly was drawing all the data. I will not pay these over charges and I am going to find out how this happened if it takes me 1000 hours of research to figure out how this happened. This is maddening.

    And yet, if they did keep track of what their customers were looking at/doing online, TONS of people would be up in arms about it, just like the NSA stuff a couple months ago.
    You can't have it both ways. Either Verizon doesn't keep a record of what websites you visit, what videos you watch, etc, or they do keep a record and the government can search it. It's not about whether you have "something to hide", but rather about whether someone with an agenda THINKS you have something to hide.
    You are an adult, presumably, install software on your computer to monitor your traffic if you care about this information. Then you personally have the records.

  • TS1702 how do you stop itunes from downloading apps over and over again and again like for ever it wont stop  help.

    how do you stop itunes from downloading apps over and over again and again like for ever it wont stop  help.
    i tryed everything i  can in the setting and so on , i even clicked on the downloads arrow to pause it and delete them but like i said it will now stop.
    theres apps i just dont want. theres a list of them but theres not a place were i can get rid of them. it also says some stuff about icloud yeah right like i have ios 5 or 7 ha . pod touch 2 is what i have lol . plz help thanks.

    to the right by search library theres an arrow there click on it : it will show you what it is downloading , from there you can pause and select all and delete them but still will continue to download them if you tell itunes to check for downloads. that download engien is crazy i tell yeah.
    no matter what we do it will still download them trust me i tryed everything and i also went to icloud to see if it was there but to what i see is that there is no apps there this is some crazy itune program that needs to remade.

  • My father has itunes account for ipad and my mother for an iphone my father has taken over iphone and needs to link it to his account

    my father has itunes account for ipad and my mother for an iphone my father has taken over iphone and needs to link it to his account

    iTunes will need to be set up on your computer however you can set up a new Apple ID to use for your iPhone. Really all you need to do is Assign a new Apple ID to your iCloud account.
    Follow the link to create a new Apple ID: https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
    After you do that, on the device you want to assign a new iCloud account go: Settings > iCloud > Delete Account and then sign in with the new Apple ID.
    NOTE: This does not effect iTunes, all of your devices can continue to use one shared iTunes account under your original Apple ID for downloading apps and backups. This simply gives iCloud a place to sync the individual devices information and will stop iCloud form merging all the information, such as contacts, with all of your devices.

  • I performed a software update and the system is installing an update but it has been running for over 24hrs and keeps saying "This may take a few minutes, don't shut down your computer" Can anyone help?

    I performed a software update and the system is installing an update but it has been running for over 24hrs and keeps saying "This may take a few minutes, don't shut down your computer" Can anyone help?

    Hello cor-el, thanks for your reply. I changed my settings for downloads to desktop and it has appeared on there. When I double click I am asked which program I want to open file. I click firefox and another box "opening install" says I have chosen to open the file which is an application and do I want to save it. This is the only real option so I press save file. I get a box saying this is an executable file which may contain viruses - do you want to run. I press ok and the final box showing C drive file name and desktop appears stating application not found.
    This happens the same whenever I try to install.
    To my untrained eye the application is not being recognised as an application and I cannot work out how to get it to do that.
    My plugin is still showing as out of date.
    Is there anything you could suggest. Thanks for your time.

  • HT1766 I purchased two apps for my iPhone and every time I try to install them on my phone I keep getting a message saying that the file is over 50MB and I need to connect to wi-fi or use iTunes on my computer to download. How do I do that?

    I just got an iPhone 4 and have been downloading apps from the iTunes store when I encountered difficulty with two specific apps. Each time I try to download dictionary and star walk I get a message saying they are over 50MB and I need to be connected to iTunes to download, which I've tried to no avail. I also thought that when I sign into iTunes on my PC that it would automatically show that my iPhone device is connected (just like it does with my iPod) but it doesn't show the phone icon. I am not sure iTunes is recognizing my phone. Any help you can offer is greatly appreciated.

    Can you connect to a wifi source on the device? Enable wifi in settings on the device itself. If you don't have wifi at home, there may be a local hotspot you can use for this.
    The reason this happens is carriers don't want people downloading huge files that would slow their network as well as eat up your data plan.

  • I have iOS7 on my iPhone4. I turned on the Voice Over option and now my phone is not working at all. At first it was freezing and not accepting any commands. Now all I have is a blank sceen. I can't get back into it. Any ideas what happened here?

    I have iOS7 on my iPhone4. I turned on the Voice Over option and now my phone is not working at all. At first it was freezing and not accepting any commands. Now all I have is a blank sceen. I can't get back into it. Any ideas what happened here?

    Hi Jeffny01,
    If your iPhone is not responding, you may find the following article helpful:
    iOS: Not responding or does not turn on
    http://support.apple.com/kb/TS3281
    Regards,
    - Brenden

Maybe you are looking for

  • Cannot resolve symbol: class NamespaceContext

    I get the following error when I compile import javax.xml.namespace.NamespaceContext; I have added jar files come with jwsdp-1.3

  • PHP5 SOAP WSDL and Xcelsius 2008 communication error

    Hi, I wood like to use PHP5 Soap server and WSDL for Xcelsius2008. Now Xcelsius 2008 can read WSDL parameters, and data from Xcelsius appear in Soap server, but in the Soap Response is the error message: <?xml version="1.0" encoding="UTF-8"?> <SOAP-E

  • Ios7 control and notification center do not take the background colour,it's plan white and black.hi

    hi when swiping down the notification and the control center,it doesn't take the background colour as shown in the ios 7 videos, instead it's plain white and black-i am using an iphone 4,anybody else with the same issue on their iphone 4 or higher?

  • Entity Framework 64 bit problem

    Hi All, We have a .net 4.0 windows application, in this application we added linq to entities. we run this application on x86 platform successfully but when we change the target platform to x64 and run again, we get invalid provider(System.Data.Provi

  • Black Berry App World Identification error

    Hi I Upgraded my Black  Berry App World but canot do anything with it.once i go in to use it it says " a BlackBerry identity update is needed. would you like to install it now?, then i say yes, it sais contacting blackberry id server, and then it thr