[j-nsp] J/SRX and ip fragmentation
Richard A Steenbergen
ras at e-gerbil.net
Mon Jan 25 22:20:31 EST 2010
On Mon, Jan 25, 2010 at 03:04:39PM -0600, Richard A Steenbergen wrote:
> Perhaps somebody with some experience on these platforms can help answer
> this one. I have an SRX210 running 10.0R2 at my house, running an IPSEC
> ESP'd GRE tunnel over my trusty home connectivity to a J2300 on the
> other end (running 9.3R4, the last real junos image made for 'em). The
> network in the middle is of course some clunky old 1500-byte-only, so of
> course I have to dial down my MTU on the tunnel to something in the 1420
> dept. Now, for ordinary tcp traffic this isn't a problem because I can
> just adjust the mss and avoid fragmentation in the first place, but I
> happen to have some non-tcp traffic which is breaking because of the
> restricted MTU.
Oh good lord. I tried to downgrade the SRX from 10.0R2 to 9.6R2 after a
few people suggested off-list that there might be some sw bugs, but the
SRX never came back from the upgrade:
FreeBSD/MIPS U-Boot bootstrap loader, Revision 1.6
(builder at ormonth.juniper.net, Sat Dec 12 15:59:41 UTC 2009)
Memory: 1024MB
[1]Booting from nand-flash slice 1
Un-Protected 1 sectors
writing to flash...
Protected 1 sectors
\
can't load '/kernel'
can't load '/kernel.old'
Press Enter to stop auto bootsequencing and to enter loader prompt.
Type '?' for a list of commands, 'help' for more detailed help.
loader> ls
open '/' failed: no such file or directory
Now here's the fun part... there is no install-media for the small SRX
boxes on Juniper's website, only the 3000/5000. So how does one recover
from something like this? All I have to say is thank god this is only
for my home use, 'cause I'd hate to see someone try to use this POS in a
production environment.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list