Home page logo
/

nanog logo nanog mailing list archives

Re: I'm missing 2 bytes (GRE implementation)
From: Daniel Roesen <dr () cluenet de>
Date: Wed, 10 Aug 2011 18:36:43 +0200

On Wed, Aug 10, 2011 at 12:57:44AM +0000, Franck Martin wrote:
I'm using a GRE IPv4 tunnel between a cisco and linux machines

Can you mail:

IOS:
- sh run int TuX
- sh int TuX | i MTU
- sh ip int TuX | i MTU

Linux:
- output of "/sbin/ip link show greX" (or whatever your GRE interface is
  named)

I did some packet capture, and saw that my MTU was 1418

What MTU? Including which overheads? :-)

but the cisco was sending TCP packet with a MSS of 1380.

Using which TCP options? How large was the TCP overhead?

This created a bunch of issues. When I told the cisco box to use a MSS of 1378 everything starting to work fine.

So why Cisco is off by 2 Bytes?

The only GRE options using 2 bytes are GRE checksum and offset. Haven't
seen any of them being used by default by IOS. IOS default GRE payload
MTU traversing an IPv4 MTU 1500 egress interface is 1476 (1500 minus 20
octets IPv4 header, 4 octets GRE header).

But e.g. TCP SACK permit option on SYN packets would be 2 octets.

Does the GRE implementation on Linux uses 2 extra bytes compared to
Cisco (or vice versa)?

Not by default, in my experience.

Best regards,
Daniel

-- 
CLUE-RIPE -- Jabber: dr () cluenet de -- dr () IRCnet -- PGP: 0xA85C8AA0


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]