Why Change the IP MTU on GRE Interfaces?

Why Change the IP MTU on GRE Interfaces?

If fragmentation occurs at the physical interface instead of the GRE tunnel interface, then we could end up with fragmented GRE packets. These fragments would need to be dealt with by the router on the other end of the tunnel; this could degrade network performance.

By modifying the IP MTU on the GRE tunnel itself, fragmentation may still happen, however each fragment will have a GRE header. This is important! Now, instead of the router reassembling the fragments, it will just simply remove the GRE headers and forward the fragments to their destination. The destination device will now be responsible for reassembling the fragments. This could reduce a lot of potential overhead on the routers terminating the tunnel.

It’s actually recommended to set the IP MTU of a GRE interface to 1400. But why?? Well, GRE tacks on an additional 24 bytes worth of headers. 20 for the outer IP Header, and 4 for the GRE header. But this would only total up to 1424 bytes maximum, so you could probably get away with 1476 to get an even 1500 after GRE encapsulation. The reason 1400 bytes is recommended is because it gives you extra room for things like GRE over IPSec, etc.

GRE Packet

TIP: A good way to avoid as much fragmentation as possible is to clamp the MSS at 1366. But remember, MSS clamping affects TCP only, not UDP.

Did you find this page helpful?

PID: 20230402-00001