
[GRE](/gre) will add an additional 24 bytes overhead (4 byte GRE header and 20 byte additional IP header) when used.  For this reason, the IP MTU and the [TCP MSS](/mtu-adjusting-the-mss-for-tcp) settings must be configured appropriately to allow for this overhead to pass through the default [MTU](/mtu) of the physical interfaces, typically set at 1500 bytes.

Various combinations of GRE and [IPSec](/ipsec) in tunnel and transport mode will result in varying amounts of overhead.  For this reason, Cisco recommends the use of the following values when using GRE:

```
ip mtu 1400  
ip tcp adjust-mss 1360
```

The MTU value of 1400 is recommended because it covers the most common GRE + IPSec mode combinations. Also, there is no discernable downside to allowing for an extra 20 or 40 bytes overhead. It is easier to remember and set one value and this value covers almost all scenarios.

The following is the output of the `show interface tunnel` command:

```
Tunnel1 is up, line protocol is up  
  Hardware is Tunnel  
  Description: xxxxxxx  
  Internet address is x.x.x.x/xx  
  MTU 17912 bytes, BW 100 Kbit/sec, DLY 10000 usec,  
     reliability 255/255, txload 139/255, rxload 209/255  
  Encapsulation TUNNEL, loopback not set  
  Keepalive not set  
  Tunnel source x.x.x.x (Dialer1), destination x.x.x.x  
  Tunnel protocol/transport GRE/IP  
     Tunnel TTL 255  
  Fast tunneling enabled  
  Path MTU Discovery, ager 10 mins, min MTU 92  
  Tunnel transport MTU 1476 bytes
```

The Tunnel transport MTU is the MTU that we have been talking about above.  There is another value, which is the MTU of the tunnel itself.  In the above output, this value is set to 17912 bytes.  This is analogous to the interface MTU of an Ethernet port, but this is for the virtual tunnel interface.  The value is typically larger to accommodate larger  upper layer packet sizes.

Links:

https://forum.networklessons.com/t/mtu-troubleshooting-on-cisco-ios/1078/212?u=lagapides

https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html#anc19

https://networklessons.com/cisco/ccie-routing-switching/pppoe-mtu-troubleshooting-cisco-ios

https://community.cisco.com/t5/routing/mtu-interface-vs-tunnel-transport-vs-ip/td-p/4146673

GRE MTU settings

EIGRP unequal cost load balancing

EIGRP what happens when a feasible successor fails

EIGRP

EPC - Cisco Embedded Packet Capture

ERSPAN

EVE-NG supported Cisco and other vendor images

Equal-cost Multi-path routing

EtherChannel - applying configurations to the interface

EtherChannel - implementing over 802.1Q tunneling

EtherChannel - load balancing algorithms

EtherChannel - max-bundle

EtherChannel - prerequisites for bundling

EtherChannel

Etherchannel - fast-switchover

Ethernet - role of FCS field

Ethernet - speed and duplex mismatches

Ethernet - speed and duplex settings on an ISR4431

Ethernet CSMA-CD

Ethernet VPN (EVPN)

Ethernet administrative and operational encapsulation

Ethernet administrative operational mode

Ethernet frame types

Ethernet header

Ethernet over IP (EoIP)

Ethernet

FHRP - interaction with routing protocols

FHRP - which ports should you configure

FHRP Communication Between Redundant Routers

FHRP Load Balancing Behavior

FHRP Protocols

FHRP communication path of keepalives

Fiber optic types

Fiber optics - Multi mode fiber optics characteristics

Fiber optics - Single mode fiber optics characteristics

Fiber optics - color coding

Fiber optics - connectors

FlexVPN Hub and Spoke backup routes

FlexVPN redundant hub with dual cloud

FlexVPN spoke to spoke communication fails with IPSec tunnel

FlexVPN

Frame Relay - is it a relevant technology anymore

Frame-Relay - emulating a Frame-Relay switch

Frame-Relay DLCI values

GNS3 how to obtain Cisco IOS images

GRE - Recursive routing error - AD solution

GRE - Recursive routing error - filtering solution

GRE - Recursive routing error

GRE - Tunnel Addressing

GRE and IPSec

GRE tunnel and multicast

GRE tunnel key operation with only one tunnel key configured

GRE tunnel key

GRE tunnels and how they transmit multicast packets

HSRP - standby group numbers

HTTP - viewing HTTP messages in Wireshark

Hardware - Application Specific Integrated Circuit (ASIC)

High-Level Data Link Control (HDLC)

Home lab computer requirements

Hot Standby Router Protocol (HSRP)

How to practice labbing - best practices

How to prepare for Cisco DNA

IANA

ICANN

ICMP - Mitigating Vulnerabilities

ICMP - Vulnerabilities

ICMP - response to a ping that is blocked by an ACL

ICMP codes and types

ICMP

IEEE

IETF

IGMP - Snooping Querier Election

IGMP - Snooping Querier

IGMP - access group

IGMP - fast leave

IGMP - filtering using ACLs

IGMP - ip igmp snooping querier command

IGMP - membership report

IGMP - using VLAN access maps to filter multicast traffic

IGMP Snooping internal interface

IGMP default IOS configurations

IGMP last member query interval

IGMP membership query max response time

IGMP membership reports destination

IGMP report suppression

IGMP snooping prevents report suppression

IGMP snooping source IP address for messages

IGMP snooping

IGMP version 1 how hosts stop receiving multicast traffic

IGMP

IGMPv2 - leave group message mechanism

IGRP

IOS - Configuration Archive and Rollback

IOS - Right To Use (RTU) License

IOS - ip http server

IOS - licensing

IOS - show license command

IOS - using ftp or tftp source-interface command