[j-nsp] SSH/Telnet session hanging
Richard A Steenbergen
ras at e-gerbil.net
Wed Jun 1 20:49:51 EDT 2011
On Thu, Jun 02, 2011 at 02:16:32AM +0800, Mark Tinka wrote:
>
> We have two networks, they all run Jumbo frames across the
> board. One does 9,192 bytes, the other does 9,000 bytes.
>
> In all cases, we decided to set the 'tcp-mss' in Junos
> systems to 1,500 bytes, which is the lowest MTU we have in
> our network - toward our upstreams and peers.
Well first off I hope you actually meant "something LOWER than 1500
bytes", since tcp-mss doesn't include the headers that go into making up
the 1500 byte IP packet. At a minimum you're looking at 20 bytes of IP +
20 bytes of TCP, so an mss of 1460, but don't forget to leave room for
things like TCP MD5.
But more importantly, the maximum packet size for BGP is limited to 4096
anyways, so the 9000 vs 9192 path mtu really doesn't make any difference
at all. :) I suppose I could also take this opportunity to gripe about
an ongoing bug where Juniper's TCP stack occasionally thinks that the
mss is ~64k, resulting in blackholing of the tcp packets and endlessly
flapping sessions, but if I get started bitching about new junos bugs
that are making my life hell right now I might not be able to stop. :(
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list