On Mon, Nov 08, 2010 at 12:31:51AM +0100, Vladimir Ostrovskiy wrote:
> Hi,
> 
> 1. As far as my knowledge goes, a pure MPLS packet should not be fragmented

Right, there is no way to fragment an MPLS packet on ethernet, since L2
does not implement such a thing. But gif(4) is L3 and therefore the traffic
over gif can be fragmented.

> 2. I am unaware of IPSec encap of MPLS, maybe in GRE first?
>     but once such encap is done there is DF bit set.

You can encap the IP packet, since IPSec always comes with an IP header.

> 3. maybe it will be easier to put additional routers on both endpoints
> with interfaces set with an IP MTU, small enough?
> 

I don't think this is needed.

In short, gif(4) will fragment packets just fine (actually it is the
normal IP fragmenting in ip_output()). So in theory you could forward
jumbo frames over a link with less than 1500 bytes by using a big MTU
gif(4) on a bridge. This works just fine as long as there is only very
little packet loss. There are a few people that use vether(4) + bridge(4)
+ gif/ipsec to build L2 tunnels with full MTU, it works astoundingly well.

The bridge(4) IP fragmenting is mostly untested and only works for IPv4. I
would not build anything on top of that feature.
 
> 
> On Sun, Nov 7, 2010 at 11:02 PM, Doug Clements <dcleme...@gmail.com> wrote:
> 
> > Hi,
> >   From the man page for bridge (4):
> >
> >     If an IP packet is too large for the outgoing interface, the bridge
> >     will perform IP fragmentation.  This can happen when bridge members
> >     have different MTUs or when IP fragments are reassembled by pf.
> >     Non-IP packets which are too large for the outgoing interface will
> >     be dropped.
> >
> > Is it somehow possible (maybe with different features?) to fragment a
> > layer2 frame for reassembly on the other side of a bridge? This would
> > be for use with MPLS, so using pf's scrub directive would not be
> > applicable. The desired behavior would be to take in 1500 bytes of IP
> > payload with an added MPLS label and transport this inside a gif/ipsec
> > tunnel over the internet (with a wan-link MTU of 1500).
> >
> > --Doug
> 

-- 
:wq Claudio
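
The fragmentation described in this reply, worked through as an added example (not code from the thread or from OpenBSD). It assumes the bridged gif(4) carries frames as EtherIP with a 2-byte header, a single 4-byte MPLS label, and no IPsec overhead, which depends on the transforms in use; all function names are hypothetical.

```python
"""IPv4 fragmentation of a bridged MPLS frame tunnelled over gif (constructed example)."""

IP_HDR = 20        # outer IPv4 header without options
ETHERIP_HDR = 2    # EtherIP header (RFC 3378); assumed encapsulation for a bridged gif
ETH_HDR = 14       # inner Ethernet header carried across the bridge
MPLS_LABEL = 4     # one MPLS label stack entry


def outer_payload_len(inner_ip_len, labels=1):
    """Bytes the outer IPv4 header must carry for one bridged MPLS frame."""
    return ETHERIP_HDR + ETH_HDR + labels * MPLS_LABEL + inner_ip_len


def fragment(payload_len, link_mtu, ip_hdr=IP_HDR):
    """Split payload_len bytes the way IPv4 does.

    Returns a list of (offset_in_8_byte_units, data_len, more_fragments).
    """
    # Every fragment except the last must carry a multiple of 8 bytes.
    max_data = (link_mtu - ip_hdr) // 8 * 8
    if max_data <= 0:
        raise ValueError("link MTU too small for an IPv4 header plus data")
    frags, offset = [], 0
    while offset < payload_len:
        data = min(max_data, payload_len - offset)
        frags.append((offset // 8, data, offset + data < payload_len))
        offset += data
    return frags


def delivery_probability(n_fragments, loss_rate):
    """Reassembly needs every fragment, so one lost fragment loses the whole frame."""
    return (1.0 - loss_rate) ** n_fragments


if __name__ == "__main__":
    # The case from the original question: 1500 bytes of IP plus one label, WAN MTU 1500.
    payload = outer_payload_len(1500)
    frags = fragment(payload, 1500)
    for off, length, mf in frags:
        print(f"offset={off * 8:5d} data={length:5d} MF={int(mf)}")
    for loss in (0.001, 0.01, 0.05):
        p = delivery_probability(len(frags), loss)
        print(f"per-packet loss {loss:.3f} -> frame delivered {p:.4f}")
```

The second function shows why the setup is sensitive to packet loss: the more fragments a frame needs, the faster its delivery probability falls.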
