Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
juan_battaglino
New Contributor

GRE Tunnel - MTU packet size

Hi everybody! Just a short question. A customer is asking us if it is possible to change the size of the mtu packets to 1500 in a gre tunnel. As far as I know, there's an overhead at the beginning of these packets depending the type of encryption used, so it wouldn't be possible to do this. Am I right?

 

Thanks in advance.

1 Solution
localhost

Exactly!

Apparently the FG even does a sanity check for you :).

 

GRE over IPv4 has an overhead of IPv4 (20 bytes) and GRE (4 bytes). Makes a maximum tunnel MTU of 1476.

MTU gets even smaller if over you are tunneling over an IPSEC tunnel.

View solution in original post

4 REPLIES 4
juan_battaglino
New Contributor

Anyone please?

localhost

Depends on the underlying interface.

But most likely it's <=1500. So then 1500 is too big for the GRE Tunnel.

juan_battaglino

Thanks for you answer! When we try to set the size to 1500, we get this error message:

FORTI # set mtu 1500

MTU size not valid. Should be in the range of 68 - 1476.

node_check_object fail! for mtu 1500

 

value parse error before '1500'

Command fail. Return code -2

 

So in fact, you can't configure it to 1500 because it adds an overhead to these packets?

localhost

Exactly!

Apparently the FG even does a sanity check for you :).

 

GRE over IPv4 has an overhead of IPv4 (20 bytes) and GRE (4 bytes). Makes a maximum tunnel MTU of 1476.

MTU gets even smaller if over you are tunneling over an IPSEC tunnel.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors