On Fri, 27 Jul 2018, Tom Herbert wrote:
I don't think that can be called a general approach. Setting MTU to 1400 bytes only avoids fragmentation if all the tunnel headers being inserted are less than 100 bytes. If you start using more tunnel options or the tunnel ingress inserts extension headers then that 100 byte budget may be exceeded may be exceeded. So a requirement to avoid fragmentation in this manner would have to be that the MTU needs to be low enough to account for all possible encapsulation overhead that may be applied to a packet-- the emerging use of in-situ OAM, segment routing, and even just switching from IPv4 to IPv6 for the underlay puts downward pressure on MTUs. Lowering the MTU increase ratio of overhead to user data thus making communications less efficient.
A PLPMTUD mechanism for the tunnel as a complement to regular PMTUD would be enough. OpenVPN doesn't have this, if it did, I would use it.
Fragmentation for tunneling is a special case since tunnels are often used within a controlled network and precisley two fragments are always generated. I know of at least one very large data center that relies on fragmentation for tunneling. It seems to work fine in such an environment and is preferable to lowering the MTU for everyone (even non-tunnels) or turning on jumbo frames (complex to do at large scale).
I run my tunnel over the Internet, using multiple ISPs. I prefer to avoid using IP fragments.
-- Mikael Abrahamsson email: [email protected] _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
