Because GRE encapsulates one packet inside another, you may run into cases where the GRE datagram is larger than the maximum packet size configured on the network interface. The way to address this problem is to configure ip tcp adjust-mss 1436 on the tunnel interface.

In addition, although GRE does not support encryption, you can use the tunnel key command to set a key on each end of the tunnel. This key is really just a plaintext password.

Because a GRE tunnel has no state control, one end of the tunnel may already be down while the other end is still up. The solution to this problem is to enable keepalive packets on both ends of the tunnel. Keepalives let one end of the tunnel periodically send keepalive data to the other end to confirm that the port is still up. If one end of the tunnel does not receive keepalive data in time, the tunnel port on that side is shut down as well.

------------------------------------------------------------------------

Below are several examples of GRE tunnel MSS settings.

In the diagram above, when the Client wants to access a page on the Internet, it establishes a TCP session with the Web Server. During this process, the Client and Web Server announce their maximum segment size (MSS), indicating to each other that they can accept TCP segments up to this size. Upon receiving the MSS option, each device calculates the size of the segment that can be sent. This is called the Send Max Segment Size (SMSS), and it equals the smaller of the two MSSs. For more information about TCP Maximum Segment Size, see RFC 879.

For the sake of argument, let's say the Web Server in the example above determines that it can send packets up to 1500 bytes in length. It therefore sends a 1500 byte packet to the Client, and, in the IP header, it sets the "don't fragment" (DF) bit. When the packet arrives at R2, the router tries encapsulating it into the tunnel packet. In the case of the GRE tunnel interface, the IP maximum transmission unit (MTU) is 24 bytes less than the IP MTU of the real outgoing interface. For an Ethernet outgoing interface that means the IP MTU on the tunne...
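
The arithmetic behind the 24-byte overhead and the adjust-mss 1436 value, as an added example that is not part of the original page. It assumes IPv4 and TCP headers without options, and it goes beyond the page's case by also modelling the optional GRE fields (such as the one tunnel key adds), using the field sizes from RFC 2784 and RFC 2890; the function names are hypothetical.

```python
# Added illustration, not code from the original page.
# Assumptions: IPv4 outer and inner headers, no IP or TCP options.
IPV4_HDR = 20
TCP_HDR = 20
GRE_BASE = 4   # GRE flags/version + protocol type (RFC 2784)
GRE_OPT = 4    # each optional field (checksum, key, sequence) adds 4 bytes


def gre_overhead(key=False, checksum=False, sequence=False):
    """Bytes placed in front of the passenger packet: outer IPv4 + GRE."""
    return IPV4_HDR + GRE_BASE + GRE_OPT * sum((key, checksum, sequence))


def tunnel_ip_mtu(physical_mtu=1500, **gre_options):
    """Largest passenger IP packet that fits without fragmentation."""
    return physical_mtu - gre_overhead(**gre_options)


def mss_clamp(physical_mtu=1500, **gre_options):
    """TCP payload size that keeps a full segment inside the tunnel MTU."""
    return tunnel_ip_mtu(physical_mtu, **gre_options) - IPV4_HDR - TCP_HDR


def encapsulate(packet_len, df_bit, physical_mtu=1500, **gre_options):
    """Model the tunnel head-end decision for one passenger packet."""
    mtu = tunnel_ip_mtu(physical_mtu, **gre_options)
    if packet_len <= mtu:
        return ("forward", packet_len + gre_overhead(**gre_options))
    if df_bit:
        # Too big and DF set: drop and report the usable MTU to the sender
        # (ICMP type 3 code 4). If that ICMP is filtered, the session stalls.
        return ("drop-icmp-frag-needed", mtu)
    return ("fragment", mtu)


if __name__ == "__main__":
    print("tunnel IP MTU     :", tunnel_ip_mtu())
    print("adjust-mss value  :", mss_clamp())
    print("1500 bytes, DF set:", encapsulate(1500, True))
    print("clamped segment   :", encapsulate(mss_clamp() + 40, True))
    print("with a GRE key    :", tunnel_ip_mtu(key=True), mss_clamp(key=True))
```

With a GRE key present the header grows by 4 bytes, so the same calculation leaves 4 bytes less room for the passenger packet than the 24-byte case the page describes.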