[j-nsp] MTU on pseudowire over GRE

Payam Chychi pchychi at gmail.com
Fri Apr 15 15:27:20 EDT 2011


Hey,

Are you dropping the fragmented pks on the end dst?

What mtu value are you using on your egress inet interface and LAN
interface? Remember that gre has 24byte overhead so your LAN side
needs to always be $x - 24 so if using 1508 on ur .inet facing
interface then your  LAN facing max mtu value should be 1484 else when
client/server calculate mss they use the interface mtu as the mss
value and add DF bit 1 on the frame since both sides don't see
problems with 1500 size mss *default value* (while your internet/GRE
side if the interface must fragment the packets due to oversized
frames)

That's why most times you get fragmented packets that don't reassemble
at the dst side or simply get dropped on the path where the link does
not support DF bit set to 1 (per interface option)

Another solution is to simply increase mtu size on the ptp GRE
links/path (if its a direct connection or you control your own
backbone) to 1524 and avoid server/client mtu modifications

Hope this helps... And if not, sorry for the ramble :)

On 4/15/11, Leigh Porter <leigh.porter at ukbroadband.com> wrote:
> Hello Rafal,
>
> Its been a while since you posted this! Did you ever manage the 1500B
> MTU with this?
>
> I have some SRX boxes that correctly fragment the outgoing GRE packets
> but the other Juniper does not reassamble them.
>
> Thanks,
> Leigh
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Rafal
> Grzeskowiak
> Sent: 09 June 2010 13:19
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] MTU on pseudowire over GRE
>
> Hi!
>
>   Is that possible to have MTU=1500B on any kind of pseudowire
> configured over GRE tunnel between 2 J-series routers?
> The tunnel is established over the internet, with access links'
> MTU=1500B on both sides. I tried with CCC, l2circuit, l2vpn and various
> settings of fragmentation, but I can't reach 1500B.
>
> Rafal
>
> --
> regards,
> Rafal Grzeskowiak
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

-- 
Sent from my mobile device

Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer


More information about the juniper-nsp mailing list