[c-nsp] BGP MSS=576 bytes

Antonio Soares amsoares at netcabo.pt
Fri Feb 20 08:22:31 EST 2009 

Yes, enabling "ip tcp path-mtu-discovey" in the other end solves this:


1) The 6500 initiates the session and has "ip tcp path-mtu-discovey". The other end does not:

6500#
00:13:01: %SEC-6-IPACCESSLOGP: list bgp-control denied tcp 1.1.1.1(11002) -> 7.7.7.7(179), 1 packet
00:13:04: %SEC-6-IPACCESSLOGP: list bgp-control denied tcp 10.10.10.1(11003) -> 10.10.10.7(179), 1 packet
6500#
00:13:05: %BGP-5-ADJCHANGE: neighbor 10.10.10.1 Up 
00:13:05: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up 
6500#
6500#
6500#sh ip bgp neighbors 10.10.10.1 | inc (path-mtu|max data)
Datagrams (max data segment is 1460 bytes):
6500#
6500#sh ip bgp neighbors 1.1.1.1 | inc (path-mtu|max data)   
Datagrams (max data segment is 536 bytes):
6500#
6500#

2) "ip tcp path-mtu-discovey" was configured in the other end and the sessions were cleared:

00:14:19: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down Peer closed the session
00:14:19: %BGP-5-ADJCHANGE: neighbor 10.10.10.1 Down Peer closed the session
6500#
6500#
6500#
00:14:45: %SEC-6-IPACCESSLOGP: list bgp-control denied tcp 10.10.10.1(11004) -> 10.10.10.7(179), 1 packet
00:14:47: %BGP-5-ADJCHANGE: neighbor 10.10.10.1 Up 
6500#
00:14:47: %SEC-6-IPACCESSLOGP: list bgp-control denied tcp 1.1.1.1(11005) -> 7.7.7.7(179), 1 packet
00:14:48: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up 
6500#
6500#
6500#
6500#sh ip bgp neighbors 1.1.1.1 | inc (path-mtu|max data)   
Datagrams (max data segment is 1460 bytes):
6500#
6500#sh ip bgp neighbors 10.10.10.1 | inc (path-mtu|max data)
Datagrams (max data segment is 1460 bytes):
6500# 


Valid for both iBGP and eBGP.

Thanks.

Antonio Soares, CCIE #18473 (R&S)
amsoares at netcabo.pt

-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
Sent: quinta-feira, 19 de Fevereiro de 2009 19:32
To: Antonio Soares; Phil Mayers
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] BGP MSS=576 bytes

Antonio Soares <> wrote on Thursday, February 19, 2009 18:38:

> This is what i got with 12.2(18)SXF15a and "ip tcp path-mtu-discovery" 
> enabled:
> 
> 6500#sh ip bgp neighbors 1.1.1.1 | inc (path-mtu|max data) Datagrams 
> (max data segment is 536 bytes):
> 6500#
> 6500#
> 6500#sh ip bgp neighbors 10.10.10.1 | inc (path-mtu|max data) 
> Datagrams (max data segment is 1460 bytes):
> 6500#
> 
> MSS=1460 for directly connected peerings and MSS=536 for non-directly 
> connected peerings. Got the same behavior for iBGP and eBGP.

did you enable it on both ends and did you reset the session?

> So basically it didn't work as i was expecting. It seems SXI puts some 
> order here.
 
As far as I know, SXI allows to enable/disable PMTUD per BGP neighbor, and defaults to PMTUD being enabled..

	oli


> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
> Sent: domingo, 15 de Fevereiro de 2009 11:53
> To: Antonio M. Soares
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] BGP MSS=576 bytes
> 
> Antonio M. Soares wrote:
>> Hello group,
>> 
>> I have a 6500 running 122-18.SXF7 with lots of BGP peers and all of 
>> the BGP sessions have negotiated a MSS of 536 bytes. Here's an
> 
> I think you need a newer IOS. Certainly under SXI I see:
> 
> ac-core#sh ip bgp neighbors  | inc path-mtu|max data seg
>    Transport(tcp) path-mtu-discovery is enabled Datagrams (max data
>    segment is 536 bytes): Transport(tcp) path-mtu-discovery is
>    enabled Datagrams (max data segment is 1460 bytes): Transport(tcp)
>    path-mtu-discovery is enabled Datagrams (max data segment is 9060
> bytes): Transport(tcp) path-mtu-discovery is enabled Datagrams (max 
> data segment is 536 bytes):
> 
> ...depending on whether the neighbor is similarly equipped to be 
> jumbo-framed and PMTU. _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list