setting the DF bit to 0 on a cisco 6500 not working

[paublo]

I have a GRE tunnel that im clearing the DF bit between two routers. No matter what i do its doesn't seem to be working when i test it.



I'm testing it by sending ICMP echo packets greater than 1500 with the DF bit set to 1, hoping that when the packet hits the physical outgoing interface it gets set to DF 0 and the packets will be fragmented over the tunnel but not matter what i do the icmp test never works.





my config looks like this



route-map clear_tunnel_df_RM, permit, sequence 10

Match clauses:

ip address (access-lists): 178

Set clauses:

ip df 0



Extended IP access list 178

10 permit icmp any any





interface Tunnel7



ip address xxxxxx.9 255.255.255.252

ip hold-time eigrp 1 60

ip tcp adjust-mss 1300

ip ospf cost 5000

ip ospf hello-interval 20

load-interval 30

ipv6 address xxxx:1::1A/126

ipv6 ospf cost 5000

ipv6 ospf 3 area 0

tunnel source x.x.125.94

tunnel destination x.x.0.214

tunnel ttl 35



interface GigabitEthernet5/2



ip address x.x.125.94 255.255.255.252

ip access-group 110 in

ip access-group 111 out

ip flow ingress

ip policy route-map clear_tunnel_df_RM

load-interval 30

speed nonegotiate

service-policy input upstream_incoming_trust_policy





when i ping from a PC connected to a vlan on this router using ping x.x.x.x -l 1510 -f get the packet needs to be fragmented but DF set and it never works. I'm kind of lost as to why this isn't working as it should be a straightforward config.



thanks, Paul

 

[paublo]

nevermind i found the issue, after using wireshark it was clear that i was testing wrong. On my pc the ethernet has an mtu of 1500 and i was ping with 1510 with the DF bit set, to it was not even leaving the local ethernet. After i lowered the mtu (a value higher than the tunnel MTU but lower than the 1500 local ethernet MTU) and set the DF bit to 1 , the FD was set to zero and it worked.