IP MTU on gif and gre interfaces (with and without IPSec encryption)

Victor Sudakov vas at sibptus.ru
Mon Mar 23 09:26:49 UTC 2020


Victor Sudakov wrote:
> Patrick M. Hausen wrote:
> > 
> > > Am 23.03.2020 um 06:00 schrieb Victor Sudakov <vas at sibptus.ru>:
> > > I've noticed that a newly created gre0 interface has the expected "mtu 1476"
> > > value, but a newly created gif0 interface has "mtu 1280", why would the
> > > default be so low?
> > 
> > gif is frequently used as the innermost encapsulation like in gif tunnel
> > across host mode IPsec. Then there might be PPPoE, too. Possibly a
> > VLAN tag ...
> 
> Please correct me if I'm wrong:
> 
> - ESP overhead - 40 bytes
> - UDP encapsulation of ESP (udp/4500): 8 bytes
> - PPPoE overhead - 8 bytes (?)
> - A VLAN tag just increases the max frame size, it does not reduce the IP MTU.
> 
> So we could keep the safe default for gif(4) at 1500-40-8-8=1444 bytes.
> OK, at 1400 as for if_ipsec. But not at 1280!

I should probably have counted the 20 bytes of the additional IP header
which results in 1500-40-8-8-20=1424.

So 1400 is really safe.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
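
Added example, not part of the original message or of FreeBSD: the overhead budget discussed above, computed with ESP padding taken into account for a gif tunnel carried in transport-mode ESP over IPv4. The cipher profiles and all function names are assumptions chosen for illustration; the header sizes are the standard ESP, UDP and PPPoE values.

```python
# Added example (constructed): largest inner packet a gif tunnel can carry
# when it runs inside transport-mode ESP over IPv4. Profiles are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class EspProfile:
    iv: int     # IV bytes carried in every packet
    block: int  # alignment the padded payload must meet
    icv: int    # integrity check value (truncated MAC or AEAD tag)

ESP_HDR = 8      # SPI (4) + sequence number (4)
ESP_TRAILER = 2  # pad length (1) + next header (1)
IPV4_HDR = 20    # outer IP header added by the tunnel
UDP_HDR = 8      # ESP-in-UDP encapsulation on udp/4500
PPPOE = 8        # PPPoE header (6) + PPP protocol id (2)

PROFILES = {
    "aes-cbc/hmac-sha1-96": EspProfile(iv=16, block=16, icv=12),
    "aes-cbc/hmac-sha256-128": EspProfile(iv=16, block=16, icv=16),
    "aes-gcm-16": EspProfile(iv=8, block=4, icv=16),
}

def esp_size(inner_len, p):
    """ESP bytes (header through ICV) needed to carry inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // p.block) * p.block  # round up
    return ESP_HDR + p.iv + padded + p.icv

def wire_size(inner_len, p, nat_t=False, pppoe=False):
    """Bytes the encapsulated packet occupies out of the link's 1500."""
    fixed = IPV4_HDR + (UDP_HDR if nat_t else 0) + (PPPOE if pppoe else 0)
    return fixed + esp_size(inner_len, p)

def max_inner(link_mtu, p, nat_t=False, pppoe=False):
    """Largest inner packet (the tunnel MTU) that still fits link_mtu."""
    room = link_mtu - IPV4_HDR - (UDP_HDR if nat_t else 0)
    room -= PPPOE if pppoe else 0
    room -= ESP_HDR + p.iv + p.icv
    room -= room % p.block        # padded payload must be whole blocks
    return room - ESP_TRAILER     # the trailer lives inside the padded payload

if __name__ == "__main__":
    for name, prof in PROFILES.items():
        worst = max_inner(1500, prof, nat_t=True, pppoe=True)
        plain = max_inner(1500, prof)
        print(f"{name:26} worst case {worst}  plain Ethernet {plain}")
```

With NAT-T and PPPoE both present, every profile above still leaves room for a 1400-byte inner packet.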