[j-nsp] SSH/Telnet session hanging
Mark Tinka
mtinka at globaltransit.net
Wed Jun 1 14:16:32 EDT 2011
On Thursday, June 02, 2011 01:58:21 AM Jeff Wheeler wrote:
> I believe that vendors have made a mistake by changing
> this default, but it is inconsequential to most networks
> because they have a consistent MTU across their whole
> backbone. If you don't, you should base the iBGP TCP
> MSS on the smallest value which is safe for your
> network, and not use Path MTU Detection. You can decide
> to figure this on a per-session basis, but this simply
> produces complexity for minimal gain in convergence
> time.
We have two networks, they all run Jumbo frames across the
board. One does 9,192 bytes, the other does 9,000 bytes.
In all cases, we decided to set the 'tcp-mss' in Junos
systems to 1,500 bytes, which is the lowest MTU we have in
our network - toward our upstreams and peers.
Like you've pointed out, you can run 'tcp-mss' per group,
but this just gives you more headache than it's worth. So to
make it consistent from our border/peering routers to our
core and edge routers, we simply use 1,500 bytes. This has
worked very well, and performance has not been impacted.
For the Cisco's, I wrote this on 'c-nsp' back in '09:
http://www.mail-archive.com/cisco-
nsp at puck.nether.net/msg18844.html
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20110602/b931466b/attachment.pgp>
More information about the juniper-nsp
mailing list