[vpn-help] No connect when configured for jumbo frames
Thomas Stokkeland
thomas.stokkeland at mobileheartbeat.com
Fri Oct 25 13:18:41 CDT 2013
If you are not doing SAN stuff, or very large file transfers within the collision domain - enabling Jumbo is likely to cause a crappier performance than leaving it at the standard 1500MTU - because, the router or receiving device will tell the sender to fragment, your packet will be split in half, this retransmit attempt will happen several times till the MTU is met - then as the "knowledge" of this expires your device will have to do that over and over.. causing a ton of extra traffic on your network.. so, if you don't have a requirement to use large MTU, then turn it off - i suspect there are mechanisms in the vpn software that either ignores large packets (because they are not to be routed) or just can't handle fragmentation at that level
________________________________
From: Paul Theodoropoulos [paul at anastrophe.com]
Sent: Friday, October 25, 2013 1:15 PM
To: Thomas Stokkeland; vpn-help at lists.shrew.net
Subject: Re: [vpn-help] No connect when configured for jumbo frames
Except that all of my other connectivity was unaffected, which is why I posted to the list. It seemed specific to shrew. But I did a little further reading, and it does seem that jumbo's simply aren't relevant outside of LAN-to-LAN communication, so it's fairly pointless to use them outside of that need.
On 10/25/13, 5:09 AM, Thomas Stokkeland wrote:
I dont know anything about Jumbo's in the context of IPSec - but in general, Jumbo's is only for SAN traffic, a packet larger than 1500 is generally not routable - so it makes sense to me that a large MTU will break any type of connectivity on layer 3 outside the local subnet and collision domain.
On 10/25/2013 2:56 AM, Paul Theodoropoulos wrote:
Just discovered purely by accident that if I configure my ethernet adapter to use 9k jumbo frames (same as my gb ethernet switch supports), Shrew will 'reliably' fail to establish any part of a connection. Reconfiguring the adapter to jumbo frames disabled restores ability to connect.
Odd. Thoughts?
_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net<mailto:vpn-help at lists.shrew.net>
https://lists.shrew.net/mailman/listinfo/vpn-help
--
Paul Theodoropoulos
www.anastrophe.com<http://www.anastrophe.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20131025/d226b6fc/attachment.html>
More information about the vpn-help
mailing list