Posts Tagged ‘mtu’
OSPF and MTU Mismatch
What is the difference between using the “system mtu routing 1500” and the “ip ospf mtu-ignore” commands when running OSPF between a router and a switch?
Within the scope of the CCIE Lab Exam, it may be acceptable to issue either of these commands to solve a specific lab task. However, it is key to note that there is a difference between ignoring the MTU for the purpose of OSPF adjacency and matching the MTU within a real production network.
Fragmented IPv4 traffic may cause you a lot of problems in real life. Not only it increases the load on router CPUs, but also impacts applications performance (e.g. TCP needs to re-send the whole packet on a single fragment loss). In addition to that, traffic fragmentation is used in numerous network attacks, allowing an attacker to bypass firewalls or IDSes in some situations. Due to all these reasons, you may want to avoid fragmentation at all and/or ensure your network is insulated from fragmented packets. Unfortunately, there are cases when using IPv4 fragmentation is unavoidable.
Below are a couple example configurations for PPPoE. Note that you can run into MTU issues when trying to use OSPF over PPPoE. This can easily be resolved by using the “ip ospf mtu-ignore” command as the dialer interface’s MTU is 1492 while the virtual-template’s (virtual-access) MTU is 1500.
*** Client *** interface Ethernet0/0 pppoe enable pppoe-client dial-pool-number 1 ! interface Dialer1 ip address 18.104.22.168 255.255.255.0 encapsulation ppp dialer-pool 1 dialer persistent *** Server *** vpdn enable ! vpdn-group CISCO accept-dialin protocol pppoe virtual-template 1 ! interface Ethernet0/0 pppoe enable ! interface Virtual-Template1 ip address 22.214.171.124 255.255.255.0
The next example is using DHCP to assign the client their IP address:
*** Client *** interface Ethernet0/1 pppoe enable pppoe-client dial-pool-number 1 ! interface Dialer1 ip address dhcp encapsulation ppp dialer pool 1 dialer persistent *** Server *** ip dhcp excluded-address 126.96.36.199 188.8.131.52 ! ip dhcp pool MYPOOL network 184.108.40.206 255.255.255.0 ! vpdn enable ! vpdn-group CISCO accept-dialin protocol pppoe virtual-template 1 ! interface Ethernet0/0 pppoe enable ! interface Virtual-Template1 ip address 220.127.116.11 255.255.255.0 peer default ip address dhcp-pool MYPOOL