[j-nsp] MTU/MRU issues on ERX-310 (LNS)
Goldschmidt, Bernd
bernd.goldschmidt at siemens.com
Fri Jan 20 12:30:45 EST 2006
Hi Andy,
normaly the ip tcp adjust-mss will solve all MTU problems in a LNS setup (for TCP packets).
This was first developed for an ERX running as a LNS.
You can try to change the profile to:
-------------------------------------
profile "profilename"
ip unnumbered loopback 0
ip sa-validate
ppp mru 1442
ppp authenticate pap
ip tcp adjust-mss 1400
or:
---
profile "profilename"
ip unnumbered loopback 0
ip sa-validate
ppp mru 1442
ppp authenticate pap
ip tcp adjust-mss 1400
ip ignore-df-bit
The ppp mru setting is only helpful when the CPE negotiates/accept the value.
In case of the with www.hotmail.com what MRU was negotiated?
lydia#sh subscribers username bwg at tunnel.com
Subscriber List
---------------
Virtual
User Name Type Addr|Endpt Router
------------------------ ----- -------------------- ------------
bwg at tunnel.com ppp 172.254.101.25/local default
User Name Interface
------------------------ --------------------------------
bb at tunnel.com l2tp 1/1/621771
lydia#sh ppp interface TUNNEL l2tp:1/1/621771 full
PPP interface TUNNEL l2tp:1/1/621771 is up
Interface administrative status is open
Configured network protocol is IPCP
IPCP protocol configuration
configured true
administrative-status open
ip-address x.x.x.x
dns-precedence local
wins-precedence local
ipcp-netmask-option disabled
IPCP protocol status
operational-status up
IPCP negotiated options local peer
ip-address x.x.x.x 172.254.107.26
ip-address-mask none none
primary-dns-address none none
secondary-dns-address none none
primary-wins-address none none
secondary-wins-address none none
IPV6CP protocol configuration
configured false
administrative-status open
ipv6-interfaceId 0:0:0:0
IPV6CP protocol status
operational-status not present
OSINLCP protocol configuration
configured false
administrative-status open
OSINLCP protocol status
operational-status not present
Interface statistics in out
packets 0 0
octets 155 159
errors 0 0
discards 0 0
LCP protocol configuration
max-receive-unit 1442 <----------------------------------------
authentication pap/chap
magic-number enabled
keepalive-timer 30 seconds
restart-timer 3 seconds
max-terminate 2
max-configure 10
max-failure 5
passive-mode disabled
LCP protocol status
link-status network
LCP negotiated options local peer
max-receive-unit 1442 1442 <------------------------------
authentication pap none
magic-number 0x71f0770e 0x5768caf4
accm none none
pfc none none
acfc none none
LCP protocol statistics
in-keepalive-requests 3
out-keepalive-requests 3
in-keepalive-replies 3
out-keepalive-replies 3
keepalive-failures 0
Authentication configuration
authenticate-retry 0
authentication-router ''
aaa-profile ''
Authentication status
grant true
session-timeout 31622400 seconds
inactivity-timeout none
accounting-timeout none
peer-ip-address 172.254.107.26
peer-ip-address-mask none
peer-primary-dns-address x.x.x.x
peer-secondary-dns-address x.x.x.x
peer-primary-wins-address none
peer-secondary-wins-address none
peer-ipv6-interface-id none
Authentication statistics
up-time 272 seconds
in-octets 96
out-octets 96
in-packets 0
out-packets 0
PAP protocol configuration
request-timeout 20 seconds
CHAP protocol configuration
name ''
challenge-retry 10
challenge-timeout 4 seconds
minimum-challenge-length 16
maximum-challenge-length 32
minimum-rechallenge-timeout 0 seconds
maximum-rechallenge-timeout 0 seconds
lydia#
2 1/2 days???
Which JTAC?
Gruß
Bernd.
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Andy Lamontagne
> Sent: Thursday, January 19, 2006 3:07 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] MTU/MRU issues on ERX-310 (LNS)
>
> Hey everyone,
>
> I've been trying for more than 3 days to get our ERX-310
> (LNS) in service.
> After 2 1/2 days troubleshooting with JTAC, we were finally
> able to bring up
> the session (L2TP).
>
> Now that we can connect and get an IP from RADIUS, we are
> running into a MTU
> and/or MRU issue.
>
> According to documentation (and JTAC) we should only need to inlcude
>
> ppp mru 1442
>
> in our profile.
>
> The setup looks like this
>
> ==============================================================
> ==========
> l2tp destination profile "profile_name" virtual-router
> "virtual_router_name"
> ip address 10.x.x.x
> remote host "remotehostname"
> profile "profilename"
> local host "localhostname"
> local ip address 10.x.x.x
> disable proxy lcp
> enable proxy authenticate
>
> profile "profilename"
> ip unnumbered loopback 0
> ip sa-validate
> ppp mru 1442
> ppp authenticate pap
>
> ==============================================================
> ==========
>
> When connected via PPPoE (software or xDSL/router modem) we
> are unable to
> access many sites (ex: www.hotmail.com) and use the MSN
> Messanger client.
>
> We've tried different configurations (ex: setting MTU to
> different values,
> MRU to different values as well as "ip tcp adjust-mss" to
> different values)
> and no luck.
>
> We also have "ip tunnel reassembly" enable on the router.
>
> We do not have access to the LAC, but we do have a Cisco
> Router as an LNS
> working without a problem.
>
> We have tried to mirror the config from our existing /
> functioning Cisco
> LNS, but have had no luck.
>
> Has anyone had any experience setting up an ERX as an LNS
> connecting to
> another ERX ( - 1410- LAC) ...
>
> Any suggestions welcome!
>
> Thanks
>
> Andy
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list