[j-nsp] SSH/Telnet session hanging

Richard A Steenbergen ras at e-gerbil.net
Wed Jun 1 20:49:51 EDT 2011


On Thu, Jun 02, 2011 at 02:16:32AM +0800, Mark Tinka wrote:
> 
> We have two networks, they all run Jumbo frames across the 
> board. One does 9,192 bytes, the other does 9,000 bytes.
> 
> In all cases, we decided to set the 'tcp-mss' in Junos 
> systems to 1,500 bytes, which is the lowest MTU we have in 
> our network - toward our upstreams and peers.

Well first off I hope you actually meant "something LOWER than 1500 
bytes", since tcp-mss doesn't include the headers that go into making up 
the 1500 byte IP packet. At a minimum you're looking at 20 bytes of IP + 
20 bytes of TCP, so an mss of 1460, but don't forget to leave room for 
things like TCP MD5.

But more importantly, the maximum packet size for BGP is limited to 4096 
anyways, so the 9000 vs 9192 path mtu really doesn't make any difference 
at all. :) I suppose I could also take this opportunity to gripe about 
an ongoing bug where Juniper's TCP stack occasionally thinks that the 
mss is ~64k, resulting in blackholing of the tcp packets and endlessly 
flapping sessions, but if I get started bitching about new junos bugs 
that are making my life hell right now I might not be able to stop. :(

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


More information about the juniper-nsp mailing list