I'm missing 2 bytes (GRE implementation)

Daniel Roesen dr at cluenet.de
Wed Aug 10 16:36:43 UTC 2011

On Wed, Aug 10, 2011 at 12:57:44AM +0000, Franck Martin wrote:
> I'm using a GRE IPv4 tunnel between a cisco and linux machines

Can you mail:

- sh run int TuX
- sh int TuX | i MTU
- sh ip int TuX | i MTU

- output of "/sbin/ip link show greX" (or whatever your GRE interface is

> I did some packet capture, and saw that my MTU was 1418

What MTU? Including which overheads? :-)

> but the cisco was sending TCP packet with a MSS of 1380.

Using which TCP options? How large was the TCP overhead?

> This created a bunch of issues. When I told the cisco box to use a MSS of 1378 everything starting to work fine.
> So why Cisco is off by 2 Bytes?

The only GRE options using 2 bytes are GRE checksum and offset. Haven't
seen any of them being used by default by IOS. IOS default GRE payload
MTU traversing an IPv4 MTU 1500 egress interface is 1476 (1500 minus 20
octets IPv4 header, 4 octets GRE header).

But e.g. TCP SACK permit option on SYN packets would be 2 octets.

> Does the GRE implementation on Linux uses 2 extra bytes compared to
> Cisco (or vice versa)?

Not by default, in my experience.

Best regards,

CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0

More information about the NANOG mailing list