We have recently started offering ADSL2+ services. Like all tier 2 ISPs in Australia, these ADSL2+ sessions are delivered to us over L2TP tunnels to our LNS. Everything was set up fine, with the sessions authenticating and terminating and the end customers able to access the internet. However, we soon had customers with issues accessing some websites. Having seen similar things before, my first thought was MTU. After some testing, and eventually sending an engineer out to a customer having issues, we ended up with:
description ADSL2+ Virtual Template
ip unnumbered Loopback0
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1412
peer default ip address pool ADSL2-POOL
ppp mtu adaptive
ppp authentication chap use-radius
ppp authorization use-radius
The background for this was from Cisco's MTU Tuning for L2TP.
The mtu option sets the MTU which is negotiated with the client when the PPP session is set up. Unfortunately, not all PPP clients listen to the value you set here. Our value of 1452 here comes from 1500 - 40 (IP + UDP + L2TP) - 8 (PPPoE).
The problem, of course, is the PPP clients that ignore the advertised MTU value. This is where ip tcp adjust-mss comes in. This option sets the maximum segment size (MSS) for TCP sessions passing through the interface. The size comes from 1452 - 40 (TCP/IP header). Since TCP is the only protocol where you would really expect packets which require fragmentation, this seems to fix all noticeable traffic.
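The effect of ip tcp adjust-mss on a SYN passing through the interface, as an added Python example (not from the original post, and not Cisco's implementation): the MSS option is lowered to 1412 and the TCP checksum is patched incrementally. The names clamp_mss and checksum and the sample addresses are constructed for illustration.

```python
import struct

# Figures from the post: 1500 - 40 (IP + UDP + L2TP) - 8 (PPPoE), then - 40 (TCP/IP header)
SESSION_MTU = 1500 - 40 - 8      # 1452
CLAMP_MSS = SESSION_MTU - 40     # 1412, the ip tcp adjust-mss value

def checksum(data: bytes) -> int:
    """Full Internet checksum; used here only to verify the patched segment."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(tcp: bytes, limit: int = CLAMP_MSS) -> bytes:
    """Lower the MSS option of a TCP SYN to `limit` and patch the checksum."""
    if len(tcp) < 20 or not tcp[13] & 0x02:
        return tcp                           # MSS is only carried on SYN and SYN-ACK
    hlen = min((tcp[12] >> 4) * 4, len(tcp))
    i = 20
    while i + 1 < hlen and tcp[i] != 0:      # option kind 0 ends the list
        if tcp[i] == 1:                      # kind 1 is a one-byte NOP
            i += 1
            continue
        kind, length = tcp[i], tcp[i + 1]
        if length < 2 or i + length > hlen:
            break                            # malformed option: leave segment untouched
        if kind == 2 and length == 4:
            old, new = struct.unpack_from("!H", tcp, i + 2)[0], limit
            if old <= limit:
                break                        # client already advertises a safe MSS
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            if i % 2:                        # value straddles two 16-bit words
                old, new = [((v << 8) | (v >> 8)) & 0xFFFF for v in (old, new)]
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            hc = struct.unpack_from("!H", tcp, 16)[0]
            total = (~hc & 0xFFFF) + (~old & 0xFFFF) + new
            while total >> 16:
                total = (total & 0xFFFF) + (total >> 16)
            struct.pack_into("!H", out, 16, ~total & 0xFFFF)
            return bytes(out)
        i += length
    return tcp

# Constructed sample: SYN 192.0.2.10:40000 -> 198.51.100.5:80 advertising MSS 1460
PSEUDO = bytes([192, 0, 2, 10, 198, 51, 100, 5, 0, 6, 0, 24])
SAMPLE = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x60, 0x02, 65535, 0, 0) + bytes([2, 4, 5, 180])
SAMPLE = SAMPLE[:16] + struct.pack("!H", checksum(PSEUDO + SAMPLE)) + SAMPLE[18:]
CLAMPED = clamp_mss(SAMPLE)
```

Only the handshake is touched, which is why this helps TCP traffic from clients that ignore the negotiated MTU but does nothing for other protocols.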
We have also added ppp mtu adaptive, as it appears there are a lot of people using it. However, if anyone can find a reference explaining what it does I would be impressed.
These options have fixed the MTU issues for our customers.