[j-nsp] MTU Fragmentation

Tom Devries Tom.Devries at rci.rogers.com
Wed Nov 24 09:45:56 EST 2010 

Be sure the path through your network supports sending icmp unreachables
from each node so that the source can fragment if need be.  Additionally
firewalls should not be configured to block icmp unreachables, as this
breaks PMTUD.  If customer firewalls block icmp unreachable type four
messages, then you may need a policy to clear the DF bit for that node.
The idea should be that fragmentation is done on the source and not on
the intermediate nodes.

 

Thanks,

Tom

 

________________________________

From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: November-24-10 9:17 AM
To: 'juniper-nsp'
Subject: [j-nsp] MTU Fragmentation

 

Hey folks..



For various reasons, we are going to be faced with some MTU challenges
in
parts of our ongoing Juniper deployments.



We can obtain an MTU right now around 1480 network wide..  This will be
resolved in a year or so we hope but we're in the middle of changes...



My question is the effects of this from an application perspective - we
understand this may add some overhead for fragment processing..



Thoughts? ;)



Paul







_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

________________________________

No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1170 / Virus Database: 426/3276 - Release Date: 11/24/10

-------------- next part --------------

This e-mail (and attachment(s)) is confidential, proprietary, may be subject to copyright and legal privilege and no related rights are waived. If you are not the intended recipient or its agent, any review, dissemination, distribution or copying of this e-mail or any of its content is strictly prohibited and may be unlawful. All messages may be monitored as permitted by applicable law and regulations and our policies to protect our business. E-mails are not secure and you are deemed to have accepted any risk if you communicate with us by e-mail. If received in error, please notify us immediately and delete the e-mail (and any attachments) from any computer or any storage medium without printing a copy.

Ce courriel (ainsi que ses pi?ces jointes) est confidentiel, exclusif, et peut faire l?objet de droit d?auteur et de privil?ge juridique; aucun droit connexe n?est exclu. Si vous n??tes pas le destinataire vis? ou son repr?sentant, toute ?tude, diffusion, transmission ou copie de ce courriel en tout ou en partie, est strictement interdite et peut ?tre ill?gale. Tous les messages peuvent ?tre surveill?s, selon les lois et r?glements applicables et les politiques de protection de notre entreprise. Les courriels ne sont pas s?curis?s et vous ?tes r?put?s avoir accept? tous les risques qui y sont li?s si vous choisissez de communiquer avec nous par ce moyen. Si vous avez re?u ce message par erreur, veuillez nous en aviser imm?diatement et supprimer ce courriel (ainsi que toutes ses pi?ces jointes) de tout ordinateur ou support de donn?es sans en imprimer une copie.

More information about the juniper-nsp mailing list