[Swan] ipsec packet fragmentation
Xinwei Hong
xhong at skytap.com
Fri Mar 24 03:54:57 UTC 2017
Thank you Paul.
It turns out that we do have some other issue. We somehow could not repro
it later and things look fine now.
Thanks,
Xinwei
On Thu, Mar 23, 2017 at 8:25 PM, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 21 Mar 2017, Xinwei Hong wrote:
>
> We noticed that the packets are fragmented around 332bytes (raw data about
>> 244B). This value is much smaller
>> than what we expected and it affects performance. Is this configurable? I
>> noticed we have a ike-frag option,
>> but that sounds like only apply to IKE, not to IPSEC esp packets. The
>> sender sends packet with size around
>> 1000B.
>>
>
> You can set mtu= which causes a route to be added with the specified
> mtu to work around this.
>
> But IPsec is not fragmenting at 332 bytes. In fact, isn't that smaller
> then the minimum allowed MTU size? It seems you have another non-IPsec
> problem on your network that needs addressing.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20170323/0708778a/attachment.html>
More information about the Swan
mailing list