Hi Neale, Thanks for the response. Is there any CLI to set MTU on the tunnel interface (ipip0)?
On Fri, Jul 16, 2021 at 5:32 PM Neale Ranns <ne...@graphiant.com> wrote: > > > Hi Vijay, > > > > No, the ESP encrypt code does not account for the egress interface’s MTU. > the outer/encapped packet will be fragmented at the phy. > > > > But for a route based VPN, where you are protecting a tunnel with an SA, > then the encrypt/encap happens after any fragmentation by the tunnel > interface. So if you set the MTU of the tunnel to account for the ESP > encap, then you achieve inner packet fragmentation. > > > > /neale > > > > *From: *vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Vijay > Kumar via lists.fd.io <vjkumar2003=gmail....@lists.fd.io> > *Date: *Friday, 16 July 2021 at 12:00 > *To: *vpp-dev <vpp-dev@lists.fd.io> > *Subject: *[vpp-dev] Does VPP IPSec support inner fragementation > > Hi, > > > > Does VPP IPSec support fragmentation of the traffic. I mean if VPP finds > that the size of the inner IP datagram with or without adding ESP headers > is going to be greater than the size of MTU then does VPP fragment packet? > > > > > > > > Regards >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19808): https://lists.fd.io/g/vpp-dev/message/19808 Mute This Topic: https://lists.fd.io/mt/84245445/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
