Problem of MTU

Similar Messages

• L2TP vpdn multihop MTU problem

  Hello,
  I have problem with MTU via L2TP multihop. Has anyone information what is sequence of operation, when tunnel switching is provided ?
  (when packet is switched into second tunnel, is compared with MTU before or after L2TP encapsulation) ?
  Thanks a lot,
  Vladimir

  this document might answer your question,
  http://www.cisco.com/en/US/tech/tk827/tk369/tech_brief09186a00800a43e9.html

• SSLv3 and MTU size

  Hi there,
  in the bank network enviroment between 2 sites (first with the clients and the second with the server) we have performance problems with one application. One point which might be the cause of our problem is MTU size. The application is using SSLv3. The WAN link is encrypted by IPSec. What would be the suitable MTU size configured on the router? What is the size of overhead of SSLv3? What we need to add in terms of MTU size when we use SSLv3?
  Thanks a lot in advance for the answer.
  Regards,
  Jovica

  You need to increase the MSS to more than 812 bytes when using SSLv3. Another way is to change the communication profile ie change the POST.

• Recommendation for IP MTU setting with DMVPN

  I have a dual DMVPN setup which works fine, apart from a performance issue. Its probable that this is a packet fragmentation issue as I'm seeing many reassambled fragments on my encryption routers. The IP MTU value on the tunnel is 1436, as recommend by R Deal in his VPN configuration guide. If I remove the IP MTU 1436 command, and let IOS select its own value that returns 1472 for IP MTU.
  Reading up on Cisco.com various values are mentioned, 1400, and 1440. As this is a production network under change control I'm after recommendations from other working networks, to get this fixed.
  I'm also using MSS adjustment for TCP setting a value of 1360, and have a route-map to clear the DF bit in TCP and UDP frames.
  I'm using IPSec transport mode, and there are no NAT boundaries for the IPSec to cross.

  Hello aacole,
  Although I don't have a problem with MTU as such, performance is an issue. I believe this can be improved by tuning MTU configuration even if it's a little bit. Did you manage to reach optimal working figures and settings for MTU on DMVPN?
  tia
  Ajaz

• 10.7.1 update doesn't fix my internet sharing problem

  I've updated my Macbook (late 2008) to 10.7.1 today. I'm disappointed to find that the internet sharing issue still exists. I can ping websites through it, but wget never work. Google.com is accessible while other sites don't load on my iPod touch and Palm Pre Plus. But it did work fine within seconds after internet sharing was started. And internet sharing on my iMac with 10.6.8 works perfectly.
  I'm using PPPoE to connect to the internet. I guess there are some problems with MTU (maximum transmission unit).
  Don't tell me to change wifi channel or set password, it doesn't help.

  m4sheikh wrote:
  Internet sharing worked on 10.7 after doing 1 tweak, that is by changing my Computer Name in internet sharing to something else other than the default one... however after upgrading to 10.7.1, the upgrade would mess up with the same tweaks again. It brought my Computer Name to its default, however when I clicked on edit it would give the changed name... I noticed that it has something to do with the IP Address but in any case I did the following and it works again for me on 10.7.1:
  1) Go to System Preferences>Sharing and click on Internet Sharing (don't 'tick' it yet!)
  2) After upgrading to 10.7.1, the Computer Name displayed on the Internet Sharing Screen would revert to the original, i.e. YourName's MacBook Pro. However, upon click edit next to the space where you can enter your Computer Name, it would give the name I had given while I was on 10.7.
  3) Now you just have to make sure that both names are identical (do not use the default name YourName's MacBook Pro). Please see snapshot below (yes, my Computer Name is 'Network-Error', so don't be surprised:))!
  4) Once you have confirmed that both names are identical, you are set to go and you may 'tick' the Internet Sharing option
  5) An arrow facing upwards will appear instead of the wireless icon on the top tray and your device such as an iPhone should connect without any issues (an IP address will be given).
  Note: the other options that I have kept in the Wi-Fi Options tab are as follows:
  1) Network Name: should be identical to the one you have entered above
  2) Channel: 11
  3) Security: 40-bit WEP
  4) Password: I've entered a five-digit password that contains numbers
  To confirm that its working for me, I've added a screenshot from my iPhone below:
  It doesn't work for me. Thanks anyway.

• Problems with running EIGRP as PE-CE routing protocol 2

  Dear all,
  I am facing with the exact problem as a previous user of running EIGRP as the PE-CE routing protocol for a MPLS VPN customer, but in different hardware.  The PE router is a 7609-S RSP720-3CXL-GE  running IOS 12.2(33)SRC3.
  (When I have 33 prefixes or more in the VRF table on the PE, and I try to advertise this network to the CE router (by redistributing BGP into EIGRP), the EIGRP process begins to flap.
  I can't advertise prefix more that 32 subnets at a time why?????
  The very weird part here, is that when I do debug ip eigrp on the PE and the CE, I can see that the PE router is sending the routes to the CE, but on the CE I can see nothing.)
  In my case there is 16 prefixes. When redistributing BGP into EIGRP on allready adjasent EIGRP neighbors everything works perfect, until some side clears it then it begans flaping. On PE router debug is show "retry limit exceeded" ,on CE  "Interface Goodbye received"
  If solution will be same what software should I use?
  Thanks,
  George Shiukashvili

  George,
  Let me ask a few questions:
  What is the link layer technology that interconnects the PE and CE that are currently experiencing these issues?
  Are there any devices inside the PE-CE path that could at least possibly (and randomly) block multicasts and/or large packets?
  Is it possible to modify the EIGRP configuration both on PE and CE to manual neighbor definition using the neighbor commands? This would force all EIGRP comunication between the PE and CE to run as unicast, possibly avoiding some issues with multicast packet delivery.
  Is it possible for you to post some show commands from both the PE and CE? I would be interested in seeing the show ip interface, show interfaces, show running-config interface regarding the particular interfaces on PE and CE that connect to each other, and also, I would like to see the EIGRP configuration on both devices.
  I agree with the assessment of Mahesh - the preliminary information we have suggest that either the PE packets are not arriving at the CE, or the ACK packets from CE are not arriving back at the PE. Your own debug analysis furthermore revealed that there are no EIGRP Update packets arriving from the PE at the CE. Problems with MTU could indeed cause these problems but it is necessary to inspect the entire path between PE and CE.
  Best regards,
  Peter

• Internet is too slow on mac osx

  i use boot camp .... internet on windows = blazing fast. internet on mac osx = crap, always losing connection and can't stream videos. I find myself booting into windows 10 times to every one time i boot into osx. seriously. really?? i paid a premium for what? eye candy?

  There's nothing specific about Mac OS X that would cause it to be 'slow' when networking. I (and I'm sure lots of others here as well) have many Macs owned over several years which are blazingly fast using the network.
  If your network is slow, there's got to be a specific reason. We can probably help you isolate the various causes and find out what is causing it to behave so slowly.
  I do not know what level of expertise you have when working with computers or networks so I will try to be specific. If we are to help you, you will need to be specific and accurate when responding. Vague answers from you will only net vague guesses from us. Specific answers from you will likely result in our being able to provide you with specific suggestions and fixes.
  If the Mac is fast when running Windows, but slow when running OS X then it's not likely that you actually have a hardware defect (bad network interface, disconnected wifi antenna, etc. as these problems would manifest whether running OS X or Windows on the same hardware.
  First, tell us about your Mac and your network. Which Mac model do you have? How much memory does it have? What OS version is it running? If you run "Software Update" is this Mac fully and completely up-to-date with the latest patches?
  A long while back there was a known bug in Leopard that would cause a MacBook Pro to be slow if using a wireless network while on battery power (it would be fast if connected to AC power). That was patched long ago. (hence my interest in which OS revision you are running and whether it is fully patched)
  What brand & model network router are you using?
  What type of network connection are you using on your Mac? Are you using a physical ethernet connection (you plug in a network cable) or are you using wireless? What type of ISP do you have and what is the nature of the connection (cable, DSL, wireless, satellite?)
  In "System Preferences" -> "Network", select your active network interface (typically either "Ethernet" or "Airport"), then select the "Advanced..." button in the lower right corner. On the next select the "Ethernet" tab across the top (usually the far-right). Is "Configure:" set to "Automatically"? Is the "MTU:" show a grayed out value that reads "Standard (1500)"? If not, what values do you see?
  Next
  Start "Network Utility" (it's under "Applications" -> "Utilities"), go to the "Info" tab, select your active network interface (probably ether "Ethernet (en0)" or "Airport (en1)").
  What is the "Link Speed" of your connection?
  On the right side of the Network Utility "Info" tab are some "Transfer Statistics", including a count of "Send Errors" and "Recv Errors". These are typically very small numbers (usually single-digit values) and do +not necessarily+ mean there is a problem. TCP/IP networking was specifically designed to allow for errors, dropped packets, lost packets, time-outs, etc. and still be able to function without causing problems for the operating system or it's applications (errors are automatically detected and corrected -- usually by retransmitting the troubled packets). These do not necessarily mean there is a problem with your computer... an error, congestion, router problem, etc. anywhere in the network can cause these. With that in mind, what is your total number of sent packets and how many send errors do you have? What is your total number of received packets and how many receive errors do you have? (as an example, my system has over 4 million packets sent and 0 errors, but about 3.3 million packets received and 5 errors -- another mac I checked happens to have 6 send and receive errors. As I said... very small numbers and especially when considering the total number of packets sent or received. If your numbers are large (4 digit values, etc.) then there may be a problem.
  Next
  I'd like to isolate and test the quality of the connection between your Mac and your router (ignoring the rest of the Internet). If the connection between those two components is solid and healthy, then any slow down would be a problem elsewhere in the network and not, specifically, your Mac.
  There is something called "MTU" (maximum transmission unit) that I wont get into just now. A problem with MTU can cause slow delivery of packets on what should be a blazingly fast network in otherwise excellent health, but I'll set that aside for now. 99.9% of the time you should never attempt to alter the MTU.
  Go into "System Preferences" -> "Network", select your network interface (either Ethernet or Airport -- whichever you happen to be using) then note the value displayed for "Router:"
  Back in "Network Utility", select the "Ping" tab and type in the value displayed for your Router (which you noted above) into the box labeled "Enter the network address to ping." Usually this is a number that looks like "192.168.1.1" or "192.168.0.1" or "10.0.0.1", etc. (almost always ends with a ".1". After entering the number, verify that you have select "Send only [10] pings" (that's the default), then click "Ping" to start the test.
  What was the min/average/max/stddev values reported at the end of the ping? On a healthy wired network, the values will typically be less than .5 milliseconds. On a healthy wireless network the values will typically be in the 2-4ms range.
  Your answers to these questions will help us rule IN or rule OUT various possible causes.

• WRT54G v6 Help needed!

  Okay, I have a wrt54g v6 router that I use for 2 computers and an xbox (xbox live). Im getting an intermittent signal on all my devices and I have no clue as to why. All of my devices are connected via ethernet cable so I know its not wireless interference and i've changed everything I can think of that would cause this problem, firmware, MTU size, etc. I even created a static ip for my xbox. But the router is still getting degraded signals, the only thing I havent really done is uncheck all the boxes on my router firewall but to me that wouldn't do anything but allow more access to my already crappy network. If anyone has a solution or knows whats going on that would be so so helpful, thank you very much.

  You might need to upgrade the firmware of the router as is normal for most WRT54G v6 routers.
  Verify the router firmware version
  1) click on start ---> run (type in cmd)
  2) on the DOS Prompt (type in ipconfig)
  ► take note of the default gateway value
  3) open up Internet Explorer and type in the default gateway value
  4) username: leave it blank password: admin
  5) go to the status tab: verify the firmware version
  ► if it's below 1.00.9 (i.e 1.00.0, 1.00.1, 1.00.4, 1.00.6, 1.00.7) then the router definitely needs an upgrade.
  To upgrade the firmware:
  1) download the firmware from www.linksys.com/downloads Look for your product model number from the list (i.e WRT54G v5)
  2) save the file on your desktop
  3) access the 192.168.1.1 page again
  4) go to Administration - firmware upgrade
  5) browse for the downloaded file and upgrade.
  ► Press the reset button of the router for 30 seconds and powercycle (i.e turn on and turn off the router).
  ► Reconfigure the router as per ISP settings.

• RDP conn fails thru AnyConnect

  I have an issue that I believe IS NOT ASA or AnyConnect related, but I need to ask the support comm. just the same.
  ASA5510 8.2(5) OS; AnyConn Windows 2.5.2017
  RDP PC client - Win7 Pro 64-bit
  I can make the VPN conn to the ASA
  I can ping any pingable IP on the protected net
  I can RDP to a W2k8 64-bit server (domain-controller)
  I cannot RDP to a W2k3 server (WTS) - I don't even get the Microsoft domain login screen - just times out.
  I am connecting to both by IP address to preclude DNS issues.
  From a 32-bit OS PC I can RDP to either.
  Suggestions?
  Thx,
  Phil

  Phil
  Thanks for posting back to the forum that the problem turned out to be MTU. I read your description of the problem and it certainly did not look to me like a problem with MTU. But one of the nice things about the forum is being reminded of the variety of things that can cause problems.
  HTH
  Rick

• VPN Server broken with Windows after upgrade from Tiger.

  Hey there
  I use Tiger 10.4 Server on a PowerMac G4.
  It has two network interfaces, one public facing with it's own static IP, and the other internal facing.
  The VPN service works perfectly, and allows people to connect via L2TP and assignes them an IP on the internal facing subnet, and allows OS X and Windows clients to connect.
  However after upgrading to Leopard, only Mac clients can connect, all the Windows clients connect, and although they get an IP and are able to ping destinations, attempts to connect to these destinations (some of which are web apps on port 80, others are file servers running Samba), they just sit waiting for ever.
  I've experimented with this problem, and it appears to be a problem with MTU and packet fragmentation, however these settings appear to be the same between Tiger, which worked, and Leopard which does not work.
  Does anyone have any experience with the new VPN Server in Leopard, and can offer me any advice on how to fix this problem? I'm currently downgraded to Tiger again until a fix can be found.

  I had the same issue, among others, but I finally got everything to work eventually. It seems that if the IP range of the client connecting to VPN is in the same range of the server LAN, there will be connectivity issues, whether it be pcs and/or macs not being able to connect. The following set up got my VPN services working:
  1. Get DNS and Open Directory working properly. When I did an upgrade, the Server Admin updated my zone files with a curious extra space, which killed DNS. For example, I had the name server as ns.company.private., but in the files it would say ns. company.private everywhere! I've been reading about various bugs in upgrading DNS, so I think it's best just to start DNS from scratch. But if you are upgrading, the following thread expalins how to go about setting up DNS and Open Directory: http://discussions.apple.com/thread.jspa?messageID=5957209&#5957209
  2. Once you have Open directory users and dns working properly, then set up VPN. Give a unique IP range to the internal network (192.168.7.1/24) that other networks will not emulate. If you use 192.168.1.1, you will likely run into issues. You can always test this method out by changing the IP range from a remote location and trying to get in this way instead of changing the server. Also, be aware that if you use Gateway Assistant within NAT, it will automatically give you a 192.168.1.1/24 range, at least that's been my experience, and this always killed VPN for me. I would set up NAT manually to avoid problems.
  3. Ensure that the DNS information under the Client Information tab is correct. For my server I have 192.168.9.1 as the nameserver, and company.private as the search domain. Then set up routing tables. Mine are 192.168.0.0:255.255.0.0 private and 0.0.0.0:0.0.0.0 public.
  Also, when you restart the server, stop and restart VPN services, as there is some talk about the Tiger bug still being around, where VPN services are messed up upon startup. This all worked for me and a couple others that had similar server set ups. Hopefully this will work for you.

• Don't Fragment bit ?

  Hi all !
  Doing some TCP captures, I noticed that all packets originating from the Ironport's have the "Don't Fragment" Bit set...
  Is this normal / wanted ? Can this be disabled ? (I suspect this is causing problems in some situations...)
  Could these two topics also be affected by the DF bit :
  - https://www.ironportnation.com/forums/viewtopic.php?t=1009&highlight=tcp+settings
  - https://www.ironportnation.com/forums/viewtopic.php?t=898&highlight=tcp+settings
  Thanks and regards,
  Fred

  Welcome to the world of MTU Path Discovery.
  By setting the DF bit the IronPort - like most modern OSes (ie, anything beyond about 1995!) - will attempt to determine the optimum MTU (Maximum Transfer Unit - basically the maximum packet size) allowed for the complete path between the sending and receiving hosts.
  Determining the MTU is a good thing, and means that packets don't need to be fragmented by an intermediary host, which in turn gives the best possible performance.
  The problem with MTU Path Discovery is that some admins get over zealous about security, and do silly things. The most common "silly thing" that admins do in this respect is that they drop all ICMP traffic, on the basis that all ICMP traffic is bad.
  In fact this couldn't be further from the truth. ICMP is critical to the correct operation of TCP (and other protocols), and by blocking certain ICMP packets admins often end up breaking other protocols, such as TCP.
  Whilst there may be valid reasons to block certain type of ICMP messages (eg, ping packets, redirects, etc) there are some types of ICMP which should never be blocked. The most obvious of these is ICMP Type 3, code 4 which is "Fragmentation required but DF bit set", which is the one that breaks MTU Path Discovery if it's turned off. Most of the rest of Type 3 are also good to allow.

• Low ftp upload

  I am trying to upload a 7 GB file to an ftp server for Parallels tech support to review. The upload was going much more slowly than the 518 Kb/s rate promised by ATT. After finding that ATT had not done the DSL upgrade we ordered and getting that complete, the test now show that we are getting the promised performance from ATT. I started the upload again and for about one minute got an upload rate of 300+ Kbs then is dropped back to 55-60. I tried 2x more with only the slow rate. The computer in question is an intel imac running 11.4.11 and it is connect directly to the netopia 3346N-002 ADSL modem. The support material for netopia seems to say something about the settings on the mac but I am not quite following. I also followed another thread on here and downloaded and installed rBrowser but have no idea what to do with it to test ftp connection. The ftp connection to Parallels is through terminal commands, which netopia mentions as being a problem with MTU and packets. Any help would be great, thank you.

  The following is what the terminal looks like.
  I was finally able to copy.
  I turned off the Firewall.
  I realized it took the password. I used 1462 from instructions downloaded from Netopia.
  Any other thoughts, thank you for your patience and assistance.
  Last login: Mon Mar 31 14:06:56 on ttyp1
  Welcome to Darwin!
  kathleen-hallrens-powerbook-g4-12:~ hallren$ sudo ifconfig en1 mtu 1462
  WARNING: Improper use of the sudo command could lead to data loss
  or the deletion of important system files. Please double-check your
  typing when using sudo. Type "man sudo" for more information.
  To proceed, enter your password, or type Ctrl-C to abort.
  Password:
  kathleen-hallrens-powerbook-g4-12:~ hallren$ cd ~/Documents
  kathleen-hallrens-powerbook-g4-12:~/Documents hallren$ ftp ftp://[email protected]/support/
  Connected to ftp.parallels.com.
  220 64.131.89.10 FTP server ready
  331 Password required for supporter.
  Password:
  230 User supporter logged in.
  Remote system type is UNIX.
  Using binary mode to transfer files.
  200 Type set to I
  250 CWD command successful
  ftp> cd new
  250 CWD command successful
  ftp> msend winxp.hdd
  msend winxp.hdd [anpqy?]? y
  229 Entering Extended Passive Mode (|||56690|)
  150 Opening BINARY mode data connection for winxp.hdd
  0% | | 127 KB 127.90 KB/s 16:47:16 ETAy
  0% | | 1535 KB 56.88 KB/s 37:44:21 ETA

• Unresponsive ON-100

  I have an ON-100 that we pulled from a clients location that will not repsond to activation or hard reset.
  I have held the reset for more than 30sec's and released without flashing red lights.
  I only get orange lights. I get an IP address from DHCP, but I cannot get any responce from the device... thats if im trying to connect to it correctly.
  http:\\{IPaddress}\index.html
  Any trick to bring this ON-100 back to life or is it bricked?
  Thanks.

  Hi Nick,
  While hardware is sometimes to blame, we've seen very few incidents of bricked ON100s to date. The most common problems with ON100 retrieving the factory load over the net tends to be an overly-aggressive firewall preventing the download, or occasionally a problem with MTU on a network. Sometimes just putting the ON100 onto a different network can work around these issues.
  Also, you can try surfing to http://{IPaddress}:81 [note the forward slashes] to the ON100 and see if you are seeing any signs of life and status from it, the ON100 should be now trying to retreive a factory load whenever it boots until it does so successfully.
  Also have a look at this thread for some hints:
  https://supportforums.cisco.com/message/3739967#3739967
  -mike

• Mail and joined pictures

  When I join lots of pictures (.pdf) to a mail, the files open completely, i'm bound to put each of them as an icon. Is there a way to keep them out of the message itself ? or to keep them permantly as icons ?
  Thank you for your help

  And how are you connected, please?
  Verizon used to be known to have some problems with MTU (maximum transmission unit), and this results when the computer sends larger packets of info, too quickly for the way the connection is set up. This might be an issue with MTU (maximum transmission unit). See the following support document for methods of diagnosing this:
  http://docs.info.apple.com/article.html?artnum=303192
  If lowering the MTU manually works, then we can look for other ways to fully accomplish the correct balance, which might include shutting down modem, router, and other elements of the network and then repowering.
  I have not seen the problem with MTU and Snow Leopard, but did with some people and Leopard. But your change of ISP makes it a good idea to investigate this.
  Ernie

• SL, mail and sending pictures

  Since I got a new mac with snow leopard sending pictures have been acting weird. When I attach a picture the large size is as big as the medium. And most of the time the receiver only gets half the picture and bottom half is gray. I've re saved and sent it several different ways and after 3-4 tries it might work at the receiving end. WHAT'S UP??

  And how are you connected, please?
  Verizon used to be known to have some problems with MTU (maximum transmission unit), and this results when the computer sends larger packets of info, too quickly for the way the connection is set up. This might be an issue with MTU (maximum transmission unit). See the following support document for methods of diagnosing this:
  http://docs.info.apple.com/article.html?artnum=303192
  If lowering the MTU manually works, then we can look for other ways to fully accomplish the correct balance, which might include shutting down modem, router, and other elements of the network and then repowering.
  I have not seen the problem with MTU and Snow Leopard, but did with some people and Leopard. But your change of ISP makes it a good idea to investigate this.
  Ernie