GRE MTU settings

GRE will add an additional 24 bytes overhead (4 byte GRE header and 20 byte additional IP header) when used. For this reason, the IP MTU and the TCP MSS settings must be configured appropriately to allow for this overhead to pass through the default MTU of the physical interfaces, typically set at 1500 bytes.

Various combinations of GRE and IPSec in tunnel and transport mode will result in varying amounts of overhead. For this reason, Cisco recommends the use of the following values when using GRE:

ip mtu 1400 ip tcp adjust-mss 1360

The MTU value of 1400 is recommended because it covers the most common GRE + IPSec mode combinations. Also, there is no discernable downside to allowing for an extra 20 or 40 bytes overhead. It is easier to remember and set one value and this value covers almost all scenarios.

The following is the output of the show interface tunnel command:

Tunnel1 is up, line protocol is up   Hardware is Tunnel   Description: xxxxxxx   Internet address is x.x.x.x/xx   MTU 17912 bytes, BW 100 Kbit/sec, DLY 10000 usec,      reliability 255/255, txload 139/255, rxload 209/255   Encapsulation TUNNEL, loopback not set   Keepalive not set   Tunnel source x.x.x.x (Dialer1), destination x.x.x.x   Tunnel protocol/transport GRE/IP      Tunnel TTL 255   Fast tunneling enabled   Path MTU Discovery, ager 10 mins, min MTU 92   Tunnel transport MTU 1476 bytes

The Tunnel transport MTU is the MTU that we have been talking about above. There is another value, which is the MTU of the tunnel itself. In the above output, this value is set to 17912 bytes. This is analogous to the interface MTU of an Ethernet port, but this is for the virtual tunnel interface. The value is typically larger to accommodate larger upper layer packet sizes.