I have a GRE tunnel that im clearing the DF bit between two routers. No matter what i do its doesn't seem to be working when i test it.
I'm testing it by sending ICMP echo packets greater than 1500 with the DF bit set to 1, hoping that when the packet hits the physical outgoing interface it gets set to DF 0 and the packets will be fragmented over the tunnel but not matter what i do the icmp test never works.
my config looks like this
route-map clear_tunnel_df_RM, permit, sequence 10
Match clauses:
ip address (access-lists): 178
Set clauses:
ip df 0
Extended IP access list 178
10 permit icmp any any
interface Tunnel7
ip address xxxxxx.9 255.255.255.252
ip hold-time eigrp 1 60
ip tcp adjust-mss 1300
ip ospf cost 5000
ip ospf hello-interval 20
load-interval 30
ipv6 address xxxx:1::1A/126
ipv6 ospf cost 5000
ipv6 ospf 3 area 0
tunnel source x.x.125.94
tunnel destination x.x.0.214
tunnel ttl 35
interface GigabitEthernet5/2
ip address x.x.125.94 255.255.255.252
ip access-group 110 in
ip access-group 111 out
ip flow ingress
ip policy route-map clear_tunnel_df_RM
load-interval 30
speed nonegotiate
service-policy input upstream_incoming_trust_policy
when i ping from a PC connected to a vlan on this router using ping x.x.x.x -l 1510 -f get the packet needs to be fragmented but DF set and it never works. I'm kind of lost as to why this isn't working as it should be a straightforward config.
thanks, Paul
I'm testing it by sending ICMP echo packets greater than 1500 with the DF bit set to 1, hoping that when the packet hits the physical outgoing interface it gets set to DF 0 and the packets will be fragmented over the tunnel but not matter what i do the icmp test never works.
my config looks like this
route-map clear_tunnel_df_RM, permit, sequence 10
Match clauses:
ip address (access-lists): 178
Set clauses:
ip df 0
Extended IP access list 178
10 permit icmp any any
interface Tunnel7
ip address xxxxxx.9 255.255.255.252
ip hold-time eigrp 1 60
ip tcp adjust-mss 1300
ip ospf cost 5000
ip ospf hello-interval 20
load-interval 30
ipv6 address xxxx:1::1A/126
ipv6 ospf cost 5000
ipv6 ospf 3 area 0
tunnel source x.x.125.94
tunnel destination x.x.0.214
tunnel ttl 35
interface GigabitEthernet5/2
ip address x.x.125.94 255.255.255.252
ip access-group 110 in
ip access-group 111 out
ip flow ingress
ip policy route-map clear_tunnel_df_RM
load-interval 30
speed nonegotiate
service-policy input upstream_incoming_trust_policy
when i ping from a PC connected to a vlan on this router using ping x.x.x.x -l 1510 -f get the packet needs to be fragmented but DF set and it never works. I'm kind of lost as to why this isn't working as it should be a straightforward config.
thanks, Paul