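can cause packet reordering problems. Some passenger protocols perform very poorly in mixed-media networks.
• Point-to-point tunnels can use up the bandwidth of a physical link. If you run routing protocols over multiple point-to-point tunnels, keep in mind that each tunnel interface has a bandwidth and that the physical interface over which the tunnel runs also has a bandwidth. For example, if 100 tunnels run over a 10 MB link, you may want to set the tunnel bandwidth to 100 Kb. The default bandwidth for a tunnel is 9 Kb.
• Routing protocols may prefer a tunnel over a "real" link because the tunnel appears to be a one-hop link with the lowest path cost, although it actually involves more hops and its real cost is higher than that of another path. This problem can be eliminated by configuring the routing protocol correctly. You may want to run a different routing protocol on the tunnel interface than the one running on the physical interface.
• Recursive routing problems can be avoided by configuring appropriate static routes to the tunnel destination. A recursive route is when the best path to the "tunnel destination" is through the tunnel itself. This situation causes the tunnel interface to bounce up and down. When a recursive routing problem occurs, you will see the following error: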
%TUN-RECURDOWN Interface Tunnel 0 temporarily disabled due to recursive routing
11. The Router Participates in PMTUD at the Tunnel Endpoint
The router has two different PMTUD roles to play when it is the endpoint of a tunnel.
• In the first role the router is the forwarder of a host packet. For PMTUD processing, the router needs to check the DF bit and packet size of the original data packet and take appropriate action when necessary.
• The second role comes into play after the router has encapsulated the original IP packet inside the tunnel packet. At this stage, the router is acting more like a host with respect to PMTUD and with regard to the tunnel IP packet.
Let's start by looking at what happens when the router is acting in the first role, a router forwarding host IP packets, with respect to PMTUD. This role comes into play before the router encapsulates the host IP packet inside the tunnel packet.
If the router participates as the forwarder of a host packet it will do the following:
• Check whether the DF bit is set.
• Check what size packet the tunnel can accommodate.
• Fragment (if packet is too large and DF bit is not set), encapsulate fragments and send; or
• Drop the packet (if packet is too large and DF bit is set) and send an ICMP message to the sender.
• Encapsulate (if packet is not too large) and send.
[Simply put, regarding the second role: after encapsulation, the source IP address of the packet is the router's outside interface IP address, so the router becomes the sender and is effectively in the role of a host.]
Generically, there is a choice of encapsulation and then fragmentation (sending two encapsulation fragments) or fragmentation and then encapsulation (sending two encapsulated fragments).
Below are some examples that describe the mechanics of IP packet encapsulation and fragmentation and two scenarios that show the interaction of PMTUD and packets traversing example networks.
The first example below shows what happens to a packet when the router (at the tunnel source) is acting in the role of forwarding router. Remember that for PMTUD processing, the router needs to check the DF bit and packet size of the original data packet and take appropriate action. This example uses GRE encapsulation for the tunnel. As can be seen below, GRE does fragmentation before encapsulation. Later examples show scenarios in which fragmentation is done after encapsulation.
In Example 1, the DF bit is not set (DF = 0) and the GRE tunnel IP MTU is 1476 (1500 - 24).
Example 1:
1. The forwarding router (at the tunnel source) receives a 1500-byte datagram with the DF bit clear (DF = 0) from the sending host. This datagram is composed of a 20-byte IP header plus a 1480-byte TCP payload.
[ IP | 1480 bytes TCP + data ]
2. Because the packet will be too large for the IP MTU after the GRE overhead (24 bytes) is added, the forwarding router breaks the datagram into two fragments of 1476 bytes (20 bytes IP header + 1456 bytes IP payload) and 44 bytes (20 bytes of IP header + 24 bytes of IP payload), so that after the GRE encapsulation is added, the packet will not be larger than the outgoing physical interface MTU.
[ IP0 | 1456 bytes TCP + data ]
[ IP1 | 24 bytes data ]
3. The forwarding router adds GRE encapsulation, which includes a 4-byte GRE header plus a 20-byte IP header, to each fragment of the original IP datagram. These two IP datagrams now have a length of 1500 and 68 bytes, and these datagrams are seen as individual IP datagrams, not as fragments.
[ IP | GRE | IP0 | 1456 bytes TCP + data ]
[ IP | GRE | IP1 | 24 bytes data ]
4. The tunnel destination router removes the GRE encapsulation from each fragment of the original datagram, leaving two IP fragments of lengths 1476 and 24 bytes. These IP datagram fragments will be forwarded separately by this router to the receiving host.
[ IP0 | 1456 bytes TCP + data ]
[ IP1 | 24 bytes data ]
5. The receiving host will reassemble these two fragments into the original datagram.
[ IP | 1480 bytes TCP + data ]
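The forwarder-role decision list and the arithmetic of Example 1, as an added Python sketch (not code from the original document or from any router implementation). The function names and the layout of the returned values are assumptions made for illustration; the ICMP type and code are those of the "fragmentation needed and DF set" message.

```python
# Added illustration: the tunnel-source router's forwarder-role decision for
# GRE, where fragmentation happens before encapsulation.
IP_HDR = 20        # bytes, IPv4 header without options (as in Example 1)
GRE_OVERHEAD = 24  # bytes, 4-byte GRE header + 20-byte outer IP header


def fragment(total_len, mtu):
    """Split an IPv4 datagram into (byte_offset, length, more_fragments)."""
    payload = total_len - IP_HDR
    # Every fragment except the last must carry a multiple of 8 payload
    # bytes, because the IP header stores the offset in 8-byte units.
    chunk = (mtu - IP_HDR) // 8 * 8
    frags, offset = [], 0
    while payload > 0:
        size = min(chunk, payload)
        payload -= size
        frags.append((offset, IP_HDR + size, payload > 0))
        offset += size
    return frags


def forward_into_gre(total_len, df, physical_mtu=1500):
    """Return (action, detail) for a host packet entering the tunnel."""
    tunnel_mtu = physical_mtu - GRE_OVERHEAD  # 1476 on a 1500-byte link
    if total_len <= tunnel_mtu:
        return "encapsulate", [total_len + GRE_OVERHEAD]
    if df:
        # Too large and DF set: drop, and report the MTU that would fit.
        return "drop+icmp", {"type": 3, "code": 4, "next_hop_mtu": tunnel_mtu}
    # Too large and DF clear: fragment first, then encapsulate each fragment,
    # so the outer packets are whole datagrams rather than fragments.
    inner = fragment(total_len, tunnel_mtu)
    return "fragment+encapsulate", [n + GRE_OVERHEAD for _, n, _ in inner]


if __name__ == "__main__":
    print(fragment(1500, 1476))              # inner fragments of Example 1
    print(forward_into_gre(1500, df=False))  # outer datagrams of Example 1
    print(forward_into_gre(1500, df=True))
    print(forward_into_gre(1400, df=False))
```
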
Scenario 5 depicts the role of the forwarding router in the context of a network topology.
This scenario illustrates GRE fragmentation. Remember that you fragment before encapsulation for GRE, then do PMTUD for the data packet, and the DF bit is not copied when the IP packet is encapsulated by GRE. In this scenario, the DF bit is not set. The