Resolve IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC – Cisco

http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

It seems somehow I’ve never managed to run across this particular article describing path MTU discovery (PMTUD) in conjunction with IPSec and GRE tunnels.  Scenario 10 is a particularly good and detailed description of how it can go, even taking into account situations common to PPPoE DSL connections which have an MTU of 1492 (the 1400-byte MTU link in the scenario would have the same effect).

Ran across this one while looking for any documentation/information about AT&T ignoring the DF/”don’t fragment” bit and proceeding to fragment at will, breaking path MTU discovery.  I’d love to find a way to get them to stop doing that on my connections, and just let the protocol work as it is supposed to.