[j-nsp] SSH/Telnet session hanging

Kevin Oberman oberman at es.net
Wed Jun 1 15:38:40 EDT 2011


> From: Mark Tinka <mtinka at globaltransit.net>
> Date: Wed, 1 Jun 2011 18:02:52 +0800
> Sender: juniper-nsp-bounces at puck.nether.net
> 
> On Wednesday, June 01, 2011 05:19:24 PM Muhammad Adnan 
> Mohsin wrote:
> 
> > Hi Alexander & rest of the experts,
> > The MTU size in the whole network is set to 4492. But on
> > this router and the router connected to it, the MTU size
> > recommended by the transmission team is 2000. So it's
> > configured 2000 on this router and 1950 is configured on
> > the router that connects to it.
> 
> Is this portion of the network different due to limitations 
> with the Transmission backbone in this area?
> 
> > Can somebody guide me
> > how should i play with the MTU size to resolve this
> > issue.
> 
> If you can't raise the MTU on this router to be the same as 
> what the rest of your network has, as Alex has already 
> recommended, try lowering the MTU on your SSH host, if 
> possible.
> 
> > BGP also flaps with one of the RRs. I assume that
> > this could also relate to the MTU issue.
> 
> You could try setting your TCP MSS to something lower than 
> what the link supports, e.g.:
> 
> 	set protocols bgp tcp-mss 1000
> 
> You can keep playing with that until you get to a value low 
> enough that gets things working, but doesn't reduce the 
> performance of your BGP convergence.
> 
> These are band aids. My recommendation would be to find out 
> if you can have a consistent MTU across the backbone, if at 
> all possible.

I'd go a step farther and say that if you can't make all MTUs
consistent, at least make both ends of a circuit have the same MTU. This
should fix the BGP issue and, assuming PMTU works (BIG if), things
should work fine for BGP. DNS might be a different story, especially if
anything that needs DNS is blocking 53/tcp.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751


More information about the juniper-nsp mailing list