Cisco - Resolve IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC (9)

2020-05-24 10:30

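This scenario illustrates GRE fragmentation. Remember that fragmentation happens before GRE encapsulation and PMTUD is then performed for the data packet, and that the DF bit is not copied when an IP packet is encapsulated in GRE (that is, the outer IP header's DF bit is not copied from the inner IP header's DF bit). The GRE tunnel interface IP MTU is, by default, 24 bytes less than the physical interface IP MTU, so the GRE interface IP MTU is 1476.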

Scenario 5

1. The sender sends a 1500-byte packet (20-byte IP header + 1480 bytes of TCP payload).

2. Since the MTU of the GRE tunnel is 1476, the 1500-byte packet is broken into two IP fragments of 1476 and 44 bytes (the 44-byte fragment is a 20-byte IP header plus the remaining 24 bytes of payload), each in anticipation of the additional 24 bytes of GRE header.

3. The 24 bytes of GRE header are added to each IP fragment. Now the fragments are 1500 (1476 + 24) and 68 (44 + 24) bytes each.

4. The GRE + IP packets containing the two IP fragments are forwarded to the GRE tunnel peer router.

5. The GRE tunnel peer router removes the GRE headers from the two packets.

6. This router forwards the two packets to the destination host.

7. The destination host reassembles the IP fragments back into the original IP datagram.

In the following example, the router is acting in the same role of forwarding router, but this time the DF bit is set (DF = 1).

Example 2:

1. The forwarding router at the tunnel source receives a 1500-byte datagram with DF = 1 from the sending host.

IP | 1480 bytes TCP + data

2. Since the DF bit is set, and the datagram size (1500 bytes) is greater than the GRE tunnel IP MTU (1476), the router will drop the datagram and send a "fragmentation needed but DF bit set" ICMP message to the source of the datagram. The ICMP message will alert the sender that the MTU is 1476.

IP | ICMP MTU 1476

3. The sending host receives the ICMP message, and when it resends the original data, it will use a 1476-byte IP datagram.

IP | 1456 bytes TCP + data

4. This IP datagram length (1476 bytes) is now equal in value to the GRE tunnel IP MTU, so the router adds the GRE encapsulation to the IP datagram.

IP | GRE | IP | 1456 bytes TCP + data

5. The receiving router (at the tunnel destination) removes the GRE encapsulation of the IP datagram and sends it to the receiving host.

IP | 1456 bytes TCP + data

Now we can look at what happens when the router is acting in the second role, as a sending host with respect to PMTUD and with regard to the tunnel IP packet. Recall that this role comes into play after the router has encapsulated the original IP packet inside the tunnel packet.

Note: By default a router doesn't do PMTUD on the GRE tunnel packets that it generates (performing PMTUD here means path MTU probing: the DF bit of the outer IP packet is set to 1, and the ICMP messages returned from the path because of the MTU are received and processed). The tunnel path-mtu-discovery command can be used to turn on PMTUD for GRE-IP tunnel packets.

Below is an example of what happens when the host is sending IP datagrams that are small enough to fit within the IP MTU on the GRE tunnel interface. The DF bit of the original packet in this case can be either set or clear (1 or 0). The GRE tunnel interface does not have the tunnel path-mtu-discovery command configured, so the router will not be doing PMTUD on the GRE-IP packet.

Example 3:

1. The forwarding router at the tunnel source receives a 1476-byte datagram from the sending host.

IP | 1456 bytes TCP + data

2. This router encapsulates the 1476-byte IP datagram inside GRE to get a 1500-byte GRE IP datagram. The DF bit in the GRE IP header (the outer IP header) will be clear (DF = 0). This router then forwards this packet to the tunnel destination.

IP | GRE | IP | 1456 bytes TCP + data

3. Assume there is a router between the tunnel source and destination with a link MTU of 1400. This router will fragment the tunnel packet since the DF bit is clear (DF = 0). Remember that this example fragments the outermost IP, so the GRE, inner IP, and TCP headers will only show up in the first fragment.

IP0 | GRE | IP | 1352 bytes TCP + data
IP1 | 104 bytes data

4. The tunnel destination router must reassemble the GRE tunnel packet.

IP | GRE | IP | 1456 bytes TCP + data

5. After the GRE tunnel packet is reassembled, the router removes the GRE IP header and sends the original IP datagram on its way.
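The packet sizes in Scenario 5 and Examples 2 and 3 can be reproduced with a small model of the tunnel source and one transit router. This is an added Python example, not part of the original document; the function names and the `path_mtu` parameter are assumptions for illustration, and the model assumes 20-byte IP headers without options and no tunnel path-mtu-discovery (outer DF = 0).

```python
IP_HDR = 20         # IPv4 header without options, as in the scenarios
GRE_OVERHEAD = 24   # 20-byte outer IP header + 4-byte GRE header


def forward(total_len, mtu, df=False):
    """Forward one IPv4 packet of total_len bytes onto a link with the given MTU.

    Returns ("forward", [fragment sizes]) or ("icmp_frag_needed", mtu)
    when DF = 1 prevents fragmentation.
    """
    if total_len <= mtu:
        return ("forward", [total_len])
    if df:
        # ICMP "fragmentation needed but DF bit set", reporting the MTU
        return ("icmp_frag_needed", mtu)
    # Every fragment except the last carries a multiple of 8 payload bytes
    per_frag = (mtu - IP_HDR) // 8 * 8
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any payload")
    payload = total_len - IP_HDR
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(IP_HDR + chunk)
        payload -= chunk
    return ("forward", sizes)


def gre_send(total_len, df=False, phys_mtu=1500, path_mtu=None):
    """Tunnel source: check against tunnel IP MTU, encapsulate, send with outer DF = 0.

    Returns the on-wire sizes per GRE packet; a nested list with more than one
    entry means a transit link (path_mtu) fragmented the outer packet.
    """
    tunnel_mtu = phys_mtu - GRE_OVERHEAD          # 1476 by default
    action, result = forward(total_len, tunnel_mtu, df)
    if action != "forward":
        return (action, result)
    wire = []
    for inner in result:
        outer = inner + GRE_OVERHEAD
        # Outer DF is clear, so a smaller transit link fragments the GRE packet
        wire.append(forward(outer, path_mtu or phys_mtu, df=False)[1])
    return ("forward", wire)


if __name__ == "__main__":
    print("Scenario 5:", gre_send(1500))
    print("Example 2: ", gre_send(1500, df=True), "then", gre_send(1476, df=True))
    print("Example 3: ", gre_send(1476, path_mtu=1400))
```

In the Example 3 result, the first outer fragment is 1396 bytes (IP0 + GRE + inner IP + 1352 bytes) and the second is 124 bytes (IP1 + 104 bytes), matching the packet layouts shown above.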

