09-03-2014 08:56 PM
Hello,
Can you answer these questions regarding the tunel mtu that appears in the output below?
cstankevitz@PA-500-Local> show vpn flow tunnel-id 27
tunnel Sterling
id: 27
type: IPSec
gateway id: 1
local ip: 164.67.80.124
peer ip: 53.103.78.197
inner interface: tunnel.1
outer interface: ethernet1/5
state: active
session: 20027
tunnel mtu: 1428
1. Who/what computed this MTU?
2. Did the thing that computed this MTU consider the encryption parameters I am using for the tunnel?
3. Why does this MTU value not participate in PMTUD?
4. (Same question as 3) Why does the MTU listed above not appear in a tracepath?
5. (Same question as 3) Why does the MTU listed above not appear in a "show routing fib"?
6. Am I expected to copy the MTU value listed above and paste it as the MTU value for the tunnel interface, overriding the default of 1500?
7. If the answer to (6) is "yes" (which I believe it is), then why didn't the PAN just do it for me?
8. Why would PAN confusingly give a tunnel interface two MTUs:the real MTU on the interface that participates in ICMP and another "fake" MTU that displayed above that does not participate in ICMP?
9. (Same question as 😎 Should the label "tunnel mtu" that appears in the output of "show vpn flow tunnel-id" be renamed to "suggested tunnel mtu"?
Thank you for your help!
Chris
