
Mailing List Archive: Cisco: NSP

Improve VPN performance by reducing MTU via DHCP?

 

 



vincent at autempspourmoi

Jun 7, 2007, 7:27 AM

Post #1 of 6 (1318 views)
Improve VPN performance by reducing MTU via DHCP?

Hello list,

Our company is about to build a corporate European network over VPNs, and a
colleague of mine read somewhere that VPN performance can be improved by
changing the MTU of workstations (this seems to be an option of DHCP
server). In this way, the encapsulated packets are not bigger than 1500
bytes, and no fragmentation is required, hence improving performance.

Does that sound good to you? Anybody ever tried this? Can you think of any
side effect of changing the MTU of all PCs?

Vincent

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


ploopster at gmail

Jun 7, 2007, 8:05 AM

Post #2 of 6 (1269 views)
Re: Improve VPN performance by reducing MTU via DHCP? [In reply to]

Vincent De Keyzer wrote:
> Does that sound good to you? Anybody ever tried this? Can you think of any
> side effect of changing the MTU of all PCs?

A lot of people have to do something similar when using PPPoE, which
uses an MTU of 1492.

You also have the option of activating MSS-Clamping on the Cisco. That
way, you don't have to go around changing the MTU on all of your devices.

Peace... Sridhar


vinny at tellurian

Jun 7, 2007, 8:05 AM

Post #3 of 6 (1273 views)
Re: Improve VPN performance by reducing MTU via DHCP? [In reply to]

It is advisable that you change the MSS value on the interface that
connects to the segment with your workstations. This is usually the
recommended way to achieve this.

On the interface:

ip tcp adjust-mss 1200

This is assuming an IOS based device. If you have a PIX/ASA, you must
use the equivalent sysopt command.

or whatever value you want to set the maximum segment size to. The
default is usually 1460. If you know the overhead of the VPN, just
subtract that and set the result as your value. You probably want to set
it a little lower just in case an MTU problem on the transport between
VPN endpoints crops up at some point in time or something else
unexpectedly adds overhead to the tunnel. TAC frequently recommends 1200
in a lot of situations but that of course is not optimal and YMMV.

Vincent De Keyzer wrote:
> Hello list,
>
>
>
> our company is about to build a corporate European network over VPNs, and a
> colleague of mine read somewhere that VPN performance can be improved by
> changing the MTU of workstations (this seems to be an option of DHCP
> server). In this way, the encapsulated packets are not bigger than 1500
> bytes, and no fragmentation is required, hence improving performance.
>
>
>
> Does that sound good to you? Anybody ever tried this? Can you think of any
> side effect of changing the MTU of all PCs?
>
>
>
> Vincent
>

--

Vinny Abello
Network Engineer
vinny [at] tellurian
(973)940-6100
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of fear"
-- Mark Twain
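
What an MSS clamp does to a TCP SYN, together with the subtraction described in the post above, as an added example that is not part of the original thread and is not Cisco's implementation. The function names and the sample SYN are constructed for illustration; only SYN segments carry the MSS option, so anything else passes through unchanged.

```python
import struct

IPV4_HEADER = 20  # bytes, without IP options
TCP_HEADER = 20   # bytes, without TCP options

def mss_for(path_mtu, tunnel_overhead):
    """TCP payload that still fits in one packet after the tunnel adds its headers."""
    return path_mtu - tunnel_overhead - IPV4_HEADER - TCP_HEADER

def csum_update(csum, old_word, new_word):
    """Incremental one's-complement checksum update (RFC 1624, eqn. 3)."""
    s = (~csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp_segment, ceiling):
    """Lower the MSS option of a TCP SYN to `ceiling`; other segments pass unchanged."""
    if len(tcp_segment) < TCP_HEADER or not tcp_segment[13] & 0x02:  # SYN flag
        return tcp_segment
    header_len = (tcp_segment[12] >> 4) * 4     # data offset is in 32-bit words
    if header_len > len(tcp_segment):
        return tcp_segment                      # truncated header: leave untouched
    seg = bytearray(tcp_segment)
    i = TCP_HEADER
    while i < header_len and seg[i] != 0:       # kind 0 ends the option list
        if seg[i] == 1:                         # kind 1 is a one-byte NOP
            i += 1
            continue
        length = seg[i + 1] if i + 1 < header_len else 0
        if length < 2 or i + length > header_len:
            break                               # malformed option: stop parsing
        if seg[i] == 2 and length == 4 and struct.unpack_from("!H", seg, i + 2)[0] > ceiling:
            a, b = (i + 2) & ~1, (i + 5) & ~1   # 16-bit words covering the MSS value
            old = bytes(seg[a:b])
            struct.pack_into("!H", seg, i + 2, ceiling)
            csum = struct.unpack_from("!H", seg, 16)[0]
            for k in range(0, b - a, 2):        # patch the TCP checksum word by word
                csum = csum_update(csum, int.from_bytes(old[k:k + 2], "big"),
                                   int.from_bytes(seg[a + k:a + k + 2], "big"))
            struct.pack_into("!H", seg, 16, csum)
        i += length
    return bytes(seg)

# Constructed sample: SYN from port 49152 to 443 advertising MSS 1460, checksum left 0.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 0x80, 0x02, 65535, 0, 0) \
    + bytes.fromhex("020405b4" "01030308" "01010402")

if __name__ == "__main__":
    print(mss_for(1492, 0), clamp_mss(SAMPLE_SYN, mss_for(1492, 0))[20:24].hex())
```

The 1492 passed to `mss_for` is the PPPoE MTU mentioned earlier in the thread; the overhead of a particular VPN has to be supplied by the reader.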


rodunn at cisco

Jun 7, 2007, 9:29 AM

Post #4 of 6 (1267 views)
Re: Improve VPN performance by reducing MTU via DHCP? [In reply to]

True. The only drawback of that is that it only applies to TCP, so
your UDP still has the issue.

Personally, if I were designing it and had a way to force
all my workstations down I would strongly consider it if their
main data transport is over some form of tunneled infrastructure.

The performance loss by not being able to send the extra 20 bytes
per frame on a local LAN would probably never be noticed.

Rodney



On Thu, Jun 07, 2007 at 11:05:00AM -0400, Sridhar Ayengar wrote:
> Vincent De Keyzer wrote:
> > Does that sound good to you? Anybody ever tried this? Can you think of any
> > side effect of changing the MTU of all PCs?
>
> A lot of people have to do something similar when using PPPoE, which
> uses an MTU of 1492.
>
> You also have the option of activating MSS-Clamping on the Cisco. That
> way, you don't have to go around changing the MTU on all of your devices.
>
> Peace... Sridhar


ploopster at gmail

Jun 7, 2007, 9:41 AM

Post #5 of 6 (1272 views)
Re: Improve VPN performance by reducing MTU via DHCP? [In reply to]

Rodney Dunn wrote:
> True. The only drawback of that is that only applies to TCP so
> your udp still has the issue.
>
> Personally, if I were designing it and had a way to force
> all my workstations down I would strongly consider it if their
> main data transport is over some form of tunneled infrastructure.

Of course, that would be optimal, and he did mention that the
connections were VPNs. That would lend itself to something like what
you suggest fairly easily.

Peace... Sridhar

> The performance loss by not being able to send the extra 20 bytes
> per frame on a local LAN would probably never be noticed.
>
> Rodney
>
>
>
> On Thu, Jun 07, 2007 at 11:05:00AM -0400, Sridhar Ayengar wrote:
>> Vincent De Keyzer wrote:
>>> Does that sound good to you? Anybody ever tried this? Can you think of any
>>> side effect of changing the MTU of all PCs?
>> A lot of people have to do something similar when using PPPoE, which
>> uses an MTU of 1492.
>>
>> You also have the option of activating MSS-Clamping on the Cisco. That
>> way, you don't have to go around changing the MTU on all of your devices.


tedm at toybox

Jun 9, 2007, 1:22 PM

Post #6 of 6 (1259 views)
Re: Improve VPN performance by reducing MTU via DHCP? [In reply to]

I don't think Windows clients pay attention to the MTU size
option from DHCP.

Ethernet is 1500 bytes, so unless you're running Token Ring, your
workstations won't generate larger than 1500 byte packets anyway.

There are a lot of things you can do that in theory will work
but in practice do not. Playing around with MTU size, in my
experience, is one of these things.

Ted

> -----Original Message-----
> From: cisco-nsp-bounces [at] puck
> [mailto:cisco-nsp-bounces [at] puck]On Behalf Of Vincent De Keyzer
> Sent: Thursday, June 07, 2007 7:27 AM
> To: cisco-nsp [at] puck
> Subject: [c-nsp] Improve VPN performance by reducing MTU via DHCP?
>
>
> Hello list,
>
>
>
> our company is about to build a corporate European network over
> VPNs, and a
> colleague of mine read somewhere that VPN performance can be improved by
> changing the MTU of workstations (this seems to be an option of DHCP
> server). In this way, the encapsulated packets are not bigger than 1500
> bytes, and no fragmentation is required, hence improving performance.
>
>
>
> Does that sound good to you? Anybody ever tried this? Can you think of any
> side effect of changing the MTU of all PCs?
>
>
>
> Vincent
>