If you are not doing SAN stuff, or very large file transfers within the collision domain - enabling Jumbo is likely to cause a crappier performance than leaving it at the standard 1500MTU - because, the router or receiving device will tell the sender to fragment, your packet will be split in half, this retransmit attempt will happen several times till the MTU is met - then as the "knowledge" of this expires your device will have to do that over and over.. causing a ton of extra traffic on your network.. so, if you don't have a requirement to use large MTU, then turn it off - i suspect there are mechanisms in the vpn software that either ignores large packets (because they are not to be routed) or just can't handle fragmentation at that level
________________________________ From: Paul Theodoropoulos [[email protected]] Sent: Friday, October 25, 2013 1:15 PM To: Thomas Stokkeland; [email protected] Subject: Re: [vpn-help] No connect when configured for jumbo frames Except that all of my other connectivity was unaffected, which is why I posted to the list. It seemed specific to shrew. But I did a little further reading, and it does seem that jumbo's simply aren't relevant outside of LAN-to-LAN communication, so it's fairly pointless to use them outside of that need. On 10/25/13, 5:09 AM, Thomas Stokkeland wrote: I dont know anything about Jumbo's in the context of IPSec - but in general, Jumbo's is only for SAN traffic, a packet larger than 1500 is generally not routable - so it makes sense to me that a large MTU will break any type of connectivity on layer 3 outside the local subnet and collision domain. On 10/25/2013 2:56 AM, Paul Theodoropoulos wrote: Just discovered purely by accident that if I configure my ethernet adapter to use 9k jumbo frames (same as my gb ethernet switch supports), Shrew will 'reliably' fail to establish any part of a connection. Reconfiguring the adapter to jumbo frames disabled restores ability to connect. Odd. Thoughts? _______________________________________________ vpn-help mailing list [email protected]<mailto:[email protected]> https://lists.shrew.net/mailman/listinfo/vpn-help -- Paul Theodoropoulos www.anastrophe.com<http://www.anastrophe.com>
_______________________________________________ vpn-help mailing list [email protected] https://lists.shrew.net/mailman/listinfo/vpn-help
