
MTU considerations when connecting a core appliance to NetWitness Logs & Network through a tunnel

Issue

When adding an appliance that has to connect through a tunnel, you may have to account for GRE (Generic Routing Encapsulation) and the MTU (Maximum Transmission Unit), and reconfigure the network interface MTU settings.


Cause

GRE packets and their headers are formed at the point of origination. The headers are 24 bytes in length. Depending on the original size of the packet, you may run into IP MTU problems during packet reassembly.


Resolution

For more information and examples, review the Cisco documentation on resolving IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC.

If a core appliance has to go through a tunnel to be added to the Admin server and cannot connect because the tunnel is configured with a lower IP MTU, the MTU on the Admin server network interface must be modified. This is configured in the /etc/sysconfig/network-scripts/ifcfg- file as shown below.
 
[root@SA-SERVER ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

*******************************

DEVICE=<eth0> 
TYPE=Ethernet 
BOOTPROTO=static 
IPADDR=x.x.x.x 
NETMASK=x.x.x.x 
GATEWAY=x.x.x.x 
NM_CONTROLLED=no 
ONBOOT=yes 
MTU=1320 

*******************************

:wq

*******************************

[root@SA-SERVER ~]# ifdown eth0
[root@SA-SERVER ~]# ifup eth0

DEVICE=<eth0> - This is the network interface receiving the traffic.

MTU=1320 - The MTU has been reduced from the default of 1500 to 1320 because the tunnel has its IP MTU configured for 1296 bytes rather than 1476 bytes; this leaves room for the 24 bytes of the GRE header. Check with the administrator of the tunnel to find out what the IP MTU is set to on the router.
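
Before editing the ifcfg file, the largest packet that actually crosses the tunnel can be measured from the Admin server and compared with the interface MTU. The script below is an added example, not NetWitness or Cisco code; it assumes the Linux iputils ping (where -M do sets the Don't Fragment bit), and CORE_HOST is a placeholder for the core appliance address.

```shell
#!/bin/bash
# Added example: measure the largest IPv4 packet that crosses the tunnel
# without fragmentation, then compare it with the interface MTU.

# probe_df SIZE HOST: send one ICMP echo of SIZE total IP bytes with DF set.
# 28 = 20-byte IPv4 header + 8-byte ICMP header, so the payload is SIZE - 28.
# A failure can also mean ICMP is filtered on the path, not only "too big".
probe_df() {
    ping -M do -c 1 -W 2 -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH] [PROBE_FN]
# Binary search for the largest size in [LOW, HIGH] that the probe accepts.
# Prints that size; returns 1 if even LOW does not get through.
find_path_mtu() {
    local host=$1 low=${2:-576} high=${3:-1500} probe=${4:-probe_df} mid
    "$probe" "$low" "$host" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))   # round up so the loop always advances
        if "$probe" "$mid" "$host"; then
            low=$mid                      # mid passes: answer is mid or larger
        else
            high=$(( mid - 1 ))           # mid is too big for the path
        fi
    done
    echo "$low"
}

# check_iface_mtu IFACE_MTU PATH_MTU: does the configured MTU fit the path?
check_iface_mtu() {
    if [ "$1" -le "$2" ]; then
        echo "OK: interface MTU $1 fits measured path MTU $2"
    else
        echo "LOWER MTU: interface MTU $1 exceeds measured path MTU $2"
        return 1
    fi
}

# Usage on the Admin server (CORE_HOST is a placeholder):
#   path=$(find_path_mtu CORE_HOST) &&
#       check_iface_mtu "$(cat /sys/class/net/eth0/mtu)" "$path"
```

Run the check again after ifdown/ifup to confirm the new MTU= value is in effect and fits the path.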

Product Details

NetWitness Product Set: NetWitness Logs & Network
NetWitness Product/Service Type: NetWitness Admin Server
NetWitness Version/Condition: 11.x, 12.x

Summary

Documentation and reference on the MTU settings that need to be considered when a tunnel is involved in connecting a core appliance to NetWitness SA.

