No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ipsec fragmentation

ipsec fragmentation

Function

The ipsec fragmentation command sets the fragmentation mode of IP packets on an IPSec tunnel or A2A VPN.

The undo ipsec fragmentation command restores the default configuration.

By default, IP packets are fragmented after being encrypted on an IPSec tunnel or A2A VPN.

Format

ipsec fragmentation before-encryption

undo ipsec fragmentation before-encryption

Parameters

Parameter

Description

Value

before-encryption

Indicates that IP packets are fragmented before being encrypted on an IPSec tunnel or A2A VPN.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an original packet is encapsulated, the packet length may exceed the MTU of the device outbound interface. To prevent packet loss, fragment the packets. The following fragmentation modes are available:
  • Fragmentation before encryption: Before encapsulation, the encryption device calculates the predicted encapsulated packet length. If the packet length is larger than the MTU of the outbound interface, the encryption device fragments packets, and then encrypts the packets. In this situation, the decryption device requests the terminal to reassemble the packets, reducing the CPU usage on the decryption device.

  • Fragmentation after encryption: If the size of the encapsulated A2A VPN packets exceeds the MTU of the outbound interface, the encryption device fragments the packets based on the MTU of the outbound interface. In this case, the peer decryption device assembles and decrypts A2A VPN fragments and then sends decrypted packets to the terminal host.

Precautions

The ipsec fragmentation command takes effect only when packets can be fragmented.

Example

# Set the fragmentation mode of IPSec or A2A VPN packets to before-encryption.

<Huawei> system-view
[Huawei] ipsec fragmentation before-encryption
Related Topics
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 69448

Downloads: 113

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next