A flag set to a 1 indicates to the receiving appliance that more fragments of this packet are coming, while a flag set to a 0 indicates that the appliance has received the last fragment of the packet.įragment Offset: A value that helps the receiving appliance reassemble the packet fragments into the right sequence More Fragments (MF): A flag set to a 1 for all fragments except the last one, which is set to 0. Identification: The value that identifies the original packet the fragment belongs to. (The appliance thus must ensure that the maximum size of each fragment is its own MTU minus the header size.) The appliance also records in the header the following information so that the receiving appliance can properly identify the fragments and reassemble them into the original packet that was sent. The appliance then places each fragment into its own packet, with its own header. If your tunnel MTU is larger than either value, the network or path appliance divides each packet into fragments. The Path MTU: The maximum total data per packet allowed by appliances that stand in the path between your network appliance and the ZEN The Network Appliance MTU: The maximum total data per packet allowed by the edge network appliance from which the tunnel is built A suboptimal MTU for the tunnel results in significantly poor performance for your users.Īn optimal tunnel MTU is equal to or lower than the following key values: The MTU determines the maximum packet size that can be sent over that tunnel, and setting an optimal MTU here is crucial. When you configure a GRE or IPsec tunnel to the ZEN, you must set a Maximum Transmission Unit (MTU) for the tunnel. From there, the ZEN sends the traffic out to the requested destination web server if it complies with your organization's security and compliance policies. When a user from your organization requests a web site, the user's traffic first travels from your organization's edge network appliance (for example, a router or firewall) to a Zscaler Enforcement Node (ZEN) via a primary or secondary GRE or IPsec tunnel. Below you canlearn how to determine the optimal MTU for your organization's tunnels. A suboptimal MTU for your organization's GRE or IPsec tunnel results in severe performance degradation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |