[j-nsp] SSH/Telnet session hanging
Kevin Oberman
oberman at es.net
Wed Jun 1 15:38:40 EDT 2011
> From: Mark Tinka <mtinka at globaltransit.net>
> Date: Wed, 1 Jun 2011 18:02:52 +0800
> Sender: juniper-nsp-bounces at puck.nether.net
>
> On Wednesday, June 01, 2011 05:19:24 PM Muhammad Adnan
> Mohsin wrote:
>
> > Hi Alexander & rest of the experts,
> > The MTU size in the whole network is set to 4492. But on
> > this router and the router connected to it, the MTU size
> > recommended by the transmission team is 2000. So it's
> > configured 2000 on this router and 1950 is configured on
> > the router that connects to it.
>
> Is this portion of the network different due to limitations
> with the Transmission backbone in this area?
>
> > Can somebody guide me
> > how should i play with the MTU size to resolve this
> > issue.
>
> If you can't raise the MTU on this router to be the same as
> what the rest of your network has, as Alex has already
> recommended, try lowering the MTU on your SSH host, if
> possible.
>
> > BGP also flaps with one of the RRs. I assume that
> > this could also relate to the MTU issue.
>
> You could try setting your TCP MSS to something lower than
> what the link supports, e.g.:
>
> set protocols bgp tcp-mss 1000
>
> You can keep playing with that until you get to a value low
> enough that gets things working, but doesn't reduce the
> performance of your BGP convergence.
>
> These are band aids. My recommendation would be to find out
> if you can have a consistent MTU across the backbone, if at
> all possible.
I'd go a step farther and say that if you can't make all MTUs
consistent, at least make both ends of a circuit have the same MTU. This
should fix the BGP issue and, assuming PMTU works (BIG if), things
should work fine for BGP. DNS might be a different story, especially if
anything that needs DNS is blocking 53/tcp.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
More information about the juniper-nsp
mailing list