Richard P. Koett wrote:
I notice that we're receiving some fragmented packets, however. It's
not a big deal but I'd like to see if things can be better optimized
(and learn a bit in the process). I understand the basic concept of MTU
but it's not something I usually have to tinker with. I'm hoping
someone might care to answer a couple of questions for me:
1) Can anyone recommend some good reference materials on this subject?
RFC 1191. (Yes, it will probably be easier to understand that a one-page
explanation in a textbook)
2) Given that I only have control over the OpenBSD end of this VPN
connection, (the other end being a Cisco 7200 VXR), is it even
possible to eliminate fragmentation issues?
Yes, but depends on the implementation of the involved systems. One
hand, the VPN tunnels should be clever enough to process the ICMP error
messages they receive, keeping in mind the fact you are tunneling packets.
On the other hand, if the involved routers only include the (entire IP
header + 64 bits of original payload) actually required by the IETF
specs, even if the tunnel machines are clever enough, they won't have
the information to demultiplex the messages accordingly.
--
Fernando Gont
e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
