IP 1456 字节 TCP + 数据
The next example shows what happens when the router is acting in the role of a sending host with respect to PMTUD and in regards to the tunnel IP packet. This time the DF bit is set (DF = 1) in the original IP header and we have configured the tunnel path-mtu-discovery command so that the DF bit will be copied from the inner IP header to the outer (GRE + IP) header.
下一示例从PMTUD和隧道IP数据包方面说明了路由器在充当发送主机角色时会发生什么情况。在本示例中,原始IP报头中设置了DF位(DF = 1),并且我们还配置了tunnel path-mtu-discovery命令,以便将DF位从内部IP报头复制到外部(GRE + IP)报头。【执行PMTUD理解为:执行路径MTU探测,即将外层IP包的DF位置1,接收、处理路径中返回的由于MTU造成的ICMP返回包】
示例 4
1.The forwarding router at the tunnel source receives a 1476-byte datagram with DF = 1 from the sending host.
位于隧道源的转发路由器从发送主机收到一个1476字节且DF = 1 的数据报。
IP
1456 字节 TCP + 数据
2.This router encapsulates the 1476-byte IP datagram inside GRE to get a 1500-byte GRE IP datagram. This GRE IP header will have the DF bit set (DF = 1) since the original IP datagram had the DF bit set. This router then forwards this packet to the tunnel destination.
此路由器将上述1476字节的IP数据报封装在GRE内,以得到一个1500 字节的GRE IP数据报。由于原始IP数据报设置了DF位,因此此GRE IP报头也将设置DF位(DF = 1)。然后,此路由器将此数据包转发到隧道目标。
41
IP GRE IP 1456 字节 TCP 3.Again, assume there is a router between the tunnel source and destination with a link MTU of 1400. This router will not fragment the tunnel packet since the DF bit is set (DF = 1). This router must drop the packet and send an ICMP error message to the tunnel source router, since that is the source IP address on the packet.
同样,假定隧道源和目标之间存在一台路由器,并且链路MTU为1400。由于设置了DF位(DF = 1),因此此路由器将不会对隧道数据包进行分段。此路由器必须丢弃数据包,并向隧道源路由器发送一条ICMP错误消息,这是因为隧道源路由器是数据包中的源IP地址。
IP
ICMP MTU 1400
4.The forwarding router at the tunnel source receives this ICMP error message and it will lower the GRE tunnel IP MTU to 1376 (1400 - 24). The next time the sending host retransmits the data in a 1476-byte IP packet, this packet will be too large and this router will send an ICMP error message to the sender with a MTU value of 1376. When the sending host retransmits the data, it will send it in a 1376-byte IP packet and this packet will make it through the GRE tunnel to the receiving host.
位于隧道源的转发路由器收到此ICMP错误消息,并将GRE隧道IP MTU降低为1376 (1400 - 24)。当发送主机下次重新传输1476字节的IP数据包时,此数据包将过大,此路由器将向发送者发送一条ICMP错误消息,指明MTU值为1376。当发送主机重新传输数据时,它将采用1376字节的IP数据包发送这些数据,因此该数据包将通过GRE隧道发送到接收主机。
场景6
This is scenario a similar to Scenario 5, but this time the DF bit is set. In Scenario 6, the router is configured to do PMTUD on
42
GRE + IP tunnel packets with the tunnel path-mtu-discovery command, and the DF bit is copied from the original IP header to the GRE IP header. If the router receives an ICMP error for the GRE + IP packet, it reduces the IP MTU on the GRE tunnel interface. Again, remember that the GRE Tunnel IP MTU is set to 24 bytes less than the physical interface MTU by default, so the GRE IP MTU here is 1476. Also notice that there is a 1400 MTU link in the GRE tunnel path.
类似于场景5,但此方案设置了DF位。在场景6中,将对路由器进行配置,以便使用 tunnel path-mtu-discovery 命令对 GRE + IP 隧道数据包执行 PMTUD,并将DF位从原始IP报头复制到GRE IP报头。如果路由器收到关于GRE + IP数据包的ICMP错误,则会减小GRE隧道接口上的IP MTU。同样,请记住,默认情况GRE隧道IP MTU设置为比物理接 MTU小24字节,因此,本示例中的GRE IP MTU 1476。此外,请注意,GRE隧道路径中存在一条MTU为1400的链路。
1.The router receives a 1500-byte packet (20 byte IP header + 1480 TCP payload), and it drops the packet. The router drops the packet because it is larger then the IP MTU (1476) on the GRE
43
tunnel interface.
路由器收到一个1500字节的数据包(20 字节 IP 报头 + 1480 字节 TCP 负载),然后丢弃此数据包。路由器丢弃此数据包的原因是:它大于GRE隧道接口上的IP MTU(1476)。
2.The router sends an ICMP error to the sender telling it that the next-hop MTU is 1476. The host will record this information, usually as a host route for the destination in its routing table.
路由器向发送者发送一条ICMP错误,通知发送者下一跳MTU为1476。主机将在其路由表中以目标主机路由的形式记录该信息。
3.The sending host uses a 1476-byte packet size when it resends the data. The GRE router adds 24 bytes of GRE encapsulation and ships out a 1500-byte packet.
当重新发送数据时,发送主机采用1476字节作为数据包大小。GRE路由器添加24字节的GRE封装,然后发送一个1500字节的数据包。
4.The 1500-byte packet cannot traverse the 1400-byte link, so it is dropped by the intermediate router.
该1500字节的数据包无法通过1400字节的链路,因此中间路由器将丢弃该数据包。
5.The intermediate router sends an ICMP (code = 3, type = 4) to the GRE router with a next-hop MTU of 1400. The GRE router reduces this to 1376 (1400 - 24) and sets an internal IP MTU value on the GRE interface. This change can only be seen when using the debug tunnel command; it cannot be seen in the output from the show ip interface tunnel<#> command.
中间路由器向下一跳MTU为1400的GRE路由器发送ICMP(代码 = 3,类型 = 4)。GRE路由器将该数据包减小为1376(1400 - 24),并在GRE接口上设置一个内部IP MTU 值。仅当使用debug tunnel命令时,才会显示此更改;show ip interface tunnel<#> 命令的输出中不会显示此更改。
44
6.The next time the host resends the 1476-byte packet, the GRE router will drop the packet, since it is larger then the current IP MTU (1376) on the GRE tunnel interface.
主机下次重新发送1476字节的数据包时,由于它大于GRE 隧道接口上的当前IP MTU(1376),因此GRE路由器将丢弃此数 据包。
7.The GRE router will send another ICMP (code = 3, type = 4) to the sender with a next-hop MTU of 1376 and the host will update its current information with new value.
GRE路由器将向下一跳MTU为1376的发送者另外发送一个ICMP(代码 = 3,类型 = 4),同时主机将使用新值更新其当前信息。
8.The host again resends the data, but now in a smaller 1376-byte packet, GRE will add 24 bytes of encapsulation and forward it on. This time the packet will make it to the GRE tunnel peer, where the packet will be de-capsulated and sent to the destination host.
现在,主机将采用更小的1376字节的数据包重新发送该数据,GRE将添加24字节的封装,并继续转发该数据包。此时,数据包将发送到GRE隧道对等体,将在其中解除封装数据包并将其发送到目标主机。
Note: If the tunnel path-mtu-discovery command was not configured on the forwarding router in this scenario, and the DF bit was set in the packets forwarded through the GRE tunnel, Host 1 would still succeed in sending TCP/IP packets to Host 2, but they would get fragmented in the middle at the 1400 MTU link. Also the GRE tunnel peer would have to reassemble them before it could decapsulate and forward them on.
注意:如果在本案例中,转发路由器上没有配置隧道path-mtu-discovery命令,通过GRE隧道转发的包【指原始数据包】DF位置1,那么
45