Wednesday, April 17, 2019

Clarification on MTU/MSS for Cisco Router with PPPoE DSL & IPsec VPN


I have some Cisco 800 series routers that I took ownership of, and my predecessor seems to have followed a guide similar to this for configuring MTU and MSS:

I know these questions have probably been asked many times, but I need someone to elaborate further because I have read countless articles and nothing is clicking for me.

Can you please confirm some things for me:

1) When dealing with IP MTU, the MTU actually refers to the maximum size of the IP datagram (IP headers, data payload) and link layer protocol headers, and Ethernet headers are not included, correct? So a 1500 byte MTU is actually 1518 bytes with the Ethernet headers.

2) When dealing with PPPoE, most guides mention the preferred MTU is 1492 bytes. So my understanding here is that when setting MTU to 1492 you are basically limiting the IP datagram (IP headers, data payload) to 1492 bytes, while 8 bytes remain for PPPoE DSL headers (PPP 2, PPPoE 6) and 18 bytes of Ethernet headers that are not counted. Is this correct?

3) So when we start throwing IPsec VPN (esp-aes 256 esp-sha-hmac) into the mix, should I now be lowering my MTU on the dialer interface even more, and how much should I account for? My predecessor has the dialer interface on the Cisco 800 series configured as IP MTU 1452, but still has the MSS on the VLAN interface as 1452.
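The header arithmetic behind questions 2 and 3, as an added example that is not part of the original post: it computes the largest inner packet and TCP MSS that survive ESP encapsulation without fragmentation on a PPPoE link. Assumptions not stated in the post: IPv4, ESP tunnel mode, AES-CBC with HMAC-SHA1-96, and no NAT-T, GRE, or IP/TCP options; all function names are hypothetical.

```python
# Added example, not from the original post. Assumes IPv4, ESP tunnel mode,
# AES-CBC with HMAC-SHA1-96, and no NAT-T, GRE, or IP/TCP options.
PPPOE_OVERHEAD = 6 + 2      # PPPoE header + PPP protocol ID
OUTER_IP = 20               # new IPv4 header added by tunnel mode
ESP_HEADER = 8              # SPI + sequence number
AES_CBC_IV = 16             # per-packet IV
AES_BLOCK = 16              # plaintext is padded to a multiple of this
ESP_TRAILER = 2             # pad-length + next-header bytes (encrypted)
ICV = 12                    # HMAC-SHA1 truncated to 96 bits
TCP_IP_HEADERS = 20 + 20    # inner IPv4 + TCP headers, no options
FIXED = OUTER_IP + ESP_HEADER + AES_CBC_IV + ICV


def pppoe_ip_mtu(ethernet_payload=1500):
    """IP MTU left on the dialer once PPPoE/PPP headers are subtracted."""
    return ethernet_payload - PPPOE_OVERHEAD


def esp_packet_size(inner_len):
    """Outer IP packet size after encapsulating an inner packet."""
    padded = -(-(inner_len + ESP_TRAILER) // AES_BLOCK) * AES_BLOCK
    return FIXED + padded


def max_inner_packet(link_mtu):
    """Largest inner IP packet whose ESP form still fits in link_mtu."""
    ciphertext = (link_mtu - FIXED) // AES_BLOCK * AES_BLOCK
    return ciphertext - ESP_TRAILER


def max_mss(link_mtu):
    """Largest TCP MSS for tunnelled traffic that avoids fragmentation."""
    return max_inner_packet(link_mtu) - TCP_IP_HEADERS


def mss_fits(mss, link_mtu):
    """True if a full-size segment with this MSS fits after ESP."""
    return esp_packet_size(mss + TCP_IP_HEADERS) <= link_mtu


if __name__ == "__main__":
    for mtu in (pppoe_ip_mtu(), 1452):
        print(f"link IP MTU {mtu}: largest inner packet "
              f"{max_inner_packet(mtu)}, largest MSS {max_mss(mtu)}")
    print("MSS 1452 fits in 1452-byte MTU:", mss_fits(1452, 1452))
```

The block-size rounding is why the usable inner size is not simply the link MTU minus a fixed constant: one extra payload byte can add a full 16-byte AES block.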
