[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures



Joel,

> It has been years since I had to deploy those, so I do not know what
> hacks people are using to make the applications work.

The hacks usually are:

* Setting manually the right MTU on the host. Pain like hell as you are never sure what to set to be optimal.

* Setting MTU on CE and fragment there in case of IPSec VPNs

* Setting mpls MTU on PEs and fragment there. To add there are knobs to overwrite DF bit if set pretty much blindly.

But just to add the MTU issue is not only related to tunneling. We pretty much have the same issue to run over DSL transport. And AFAIK there is no automation to fix it. The manual labor to set it correctly is not trival .. Example: http://www.dslreports.com/faq/5793 And this is only on the DSL single p2p link.

The above procedure for sure will not work on the Internet wide tunneling as the links given tunnel takes may be changing dynamically.

Cheers,
R.


With regard to Mobile-IP, it is not being used much as originally
envisioned.  However, it is beign used quite heavily by a number of
technologies with mobility needs.

While there are provider based VPNs, some (maybe even many) of which use
MPLS, there are also lots of CE based VPNs which use other technologies
(IPSec for one example, but there are many others.)
It has been years since I had to deploy those, so I do not know what
hacks people are using to make the applications work.  But most
customers do assume that the apps work.  And they seem to be correct.

Yours,
Joel

Tony Li wrote:
Firstly, while there are many concerns about the way Mobile-IP works,
folks don't complain about applications not working over MIP, even MIPv4
(which requires tunnels.)

Can I ask, how broadly are people using MIP?  I don't know of anyone
using it today.


Secondly, there are a lot of VPNs.  Many of them provided by
middleboxes.  They seem to use tunnels exactly the way the proposals on
the table do.  And they seem to work.  With a wide range of applications.
Is there some other dimension here that explains the mismatch?

How many of those VPNs are based on MPLS?

I think I can tell you without violating too many corporate secrets that
anytime Cisco sees a customer deploying an L3 tunneling solution that
the MTU is an issue, usually resolved by a manual workaround.

Tony


--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg