Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki MX behavior with SD-WAN

Sandeep_G
Conversationalist
‎Mar 10 2023 6:03 AM
‎Mar 10 2023 6:03 AM

Meraki MX behavior with SD-WAN

Hi,

 

We are having a situation where we have an application that works perfectly fine in legacy. As soon as we migrate to SDWAN, the application starts rebooting and doesn't register. After analysis we found the application is sending certain bytes of MTU and expecting the same which works perfectly fine on legacy network. Unfortunately we are also not able to set the MTU under DHCP for this particular application.

My question is:

1. Are we adding additional bytes for the VPN tunnel? Will MX report 1500 bytes or will it adjust the reporting value to the "available to the end point/user" (i.e., Total MTU minus the header that it's going to use/add for establishing its VPN)?

2. Can MX change the LAN side MTU? Or can it handle fragmentation/defragmentation within the box itself at the L2 level making it transparent to the application end points that there is some "VPN" in the path and the original payloads are being fragmented? 

Labels:
0 Kudos
Subscribe
7 Replies 7
RaphaelL
Kind of a big deal
Kind of a big deal
‎Mar 10 2023 6:20 AM
‎Mar 10 2023 6:20 AM

Hi ,

 

Is it TCP based or else ? 

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Troubleshooting_MT...

 

The MX will clamp the TCP-MSS 

0 Kudos
Subscribe
In response to RaphaelL
Sandeep_G
Conversationalist
‎Mar 10 2023 6:23 AM
‎Mar 10 2023 6:23 AM

It is HTTP traffic actually. We did follow the steps in that link, but can't get the application working as of yet.

0 Kudos
Subscribe
In response to Sandeep_G
RaphaelL
Kind of a big deal
Kind of a big deal
‎Mar 10 2023 6:25 AM
‎Mar 10 2023 6:25 AM

So TCP. Have you tried to capture on the VPN tunnel to see the 3-way handshake ? Do you see any fragments on the other end ? 

 

MTU shouldn't be an issue since the MSS is clamped.

0 Kudos
Subscribe
In response to RaphaelL
RaphaelL
Kind of a big deal
Kind of a big deal
‎Mar 10 2023 6:29 AM
‎Mar 10 2023 6:29 AM

RaphaelL_0-1678458546347.png

Bottom is the original SYN ( on my computer , before VPN tunnel ) , Top (inside the VPN tunnel ) is the SYN after MSS clamping.

Subscribe
In response to RaphaelL
Sandeep_G
Conversationalist
‎Mar 10 2023 6:33 AM
‎Mar 10 2023 6:33 AM

Thanks, that means VPN header doesn't add any additional bytes for this traffic. We are going to open a TAC case to troubleshoot further. Just want to see if changing MTU on WAN links help

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 10 2023 6:21 AM
‎Mar 10 2023 6:21 AM

The MX uses an MTU size of 1500 bytes on the WAN interface.  I think you should have to open a support case.

 

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Troubleshooting_MT...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 12 2023 1:12 PM
‎Mar 12 2023 1:12 PM

There were some recent bug fixes in firmware to do with MTU over AutoVPN.

 

Review the firmware release you are using against those bug fixes.  I suspect you might just need to update your firmware.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.