Ethernet MTU & Cisco DTLS EAS_256

I am sharing this to gather thoughts and perhaps validate and make some sense of what I have seen on my setup.

Force 180 SM connecting up to its companion ePMP AP. The link appeared stable for pretty much any usual traffic (HTTP, FTP, VoIP, etc.) until I started to use the link to connect a Cisco VPN DTLS EAS_256_SHA1. This is a typical VPN that major corporations use nowadays. The Windows client that it uses is AnyConnect.

Over the VPN tunnel the latency has been playing up quite a bit. As soon as the tunnel is established the latency goes up and down; the more traffic you generate the more jitter you get, packet loss included.

What was strange about it is that while the traffic within the VPN channel was severely disrupted, a ping test against the actual gateway on the plain public internet was showing stability.

I have therefore done some research and found a bunch of articles and blog posts talking about a possible packet size issue, fragmentation, MTU settings, etc.

Here is how I solved mine and stabilized the link. I changed the Force 180 Ethernet MTU setting to 1492 (it used to be 1500). This immediately stabilized the link; now I get a continuous and stable low-jitter channel.

Here is my theory, but I need you guys to validate it. The overhead for the Cambium encryption was being added on top of the DTLS VPN and altogether causing packet fragmentation. By lowering the MTU on the Force 180 Ethernet interface to 1492, I have possibly given 8 more bytes for the overhead?

Has anyone come across this?


Hi Sandro,

As ePMP operates as a transparent bridge, any overhead applied to the packets as they transit across the wireless link wouldn't affect the packet size as packets egress from the wired ports of the ePMP link to the rest of the network. I think an IP fragmentation issue was occurring within the VPN, and by reducing the MTU to 1492 the overall packet size is not large enough for IP fragmentation to be needed.
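
One way to test the fragmentation theory discussed in this thread is to measure the largest packet that crosses a path with the Don't Fragment bit set, once toward the public gateway and once toward a host inside the tunnel. This is an added example, not part of the thread; it assumes Linux iputils `ping`, and the function names and the target address are placeholders.

```python
"""Find the largest IPv4 packet that crosses a path without fragmentation."""
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, packet_size, attempts=3, timeout_s=2):
    """Send echo requests of packet_size bytes (IP total length) with DF set.

    Retries a few times so ordinary loss on a jittery link is not
    mistaken for an MTU limit. Assumes Linux iputils ping (-M do).
    """
    payload = str(packet_size - IP_ICMP_HEADERS)
    cmd = ["ping", "-c", "1", "-M", "do", "-s", payload,
           "-W", str(timeout_s), host]
    for _ in range(attempts):
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
        if done.returncode == 0:
            return True
    return False


def largest_unfragmented(probe, low=576, high=1500):
    """Binary-search the largest size in [low, high] where probe(size) is True.

    Returns None if even `low` does not get through.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always narrows
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


if __name__ == "__main__":
    # 192.0.2.1 is a documentation placeholder; pass the real target instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    size = largest_unfragmented(lambda s: ping_df(target, s))
    print(f"{target}: largest DF packet = {size} bytes")
```

If the size reported through the tunnel is smaller than the size reported on the plain path, the difference is the room the VPN encapsulation needs.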