[j-nsp] BGP MTU Mismatch
Alex
alex.arseniev at gmail.com
Wed Jun 22 10:49:48 EDT 2011
If no one replies back with ICMP Unreach type 3 code 4 with "Next-hop MTU" then yes
http://www.faqs.org/rfcs/rfc1191.html
Cheers
Alex
----- Original Message -----
From: Keegan Holley
To: Alex
Cc: Ido Szargel ; juniper-nsp
Sent: Wednesday, June 22, 2011 3:27 PM
Subject: Re: [j-nsp] BGP MTU Mismatch
I don't think this is correct. PMTU discovery uses probes with the DF bit set, the largest one to make it end to end is assumed to be the MTU.
http://en.wikipedia.org/wiki/Path_MTU_Discovery
2011/6/22 Alex <alex.arseniev at gmail.com>
PMTU relies on someone in the path telling you what the MTU is.
And there is no way to check if this someone is telling the truth :-(
I saw this in complex environments such as BGP over GRE over IPSec tunnel.
In this case, the sp-* interface carrying GRE tunnel has to have mtu-discovery itself enabled.
Otherwise it will assume 9192 bytes.
Cheers
Alex
----- Original Message ----- From: "Ido Szargel" <ido at oasis-tech.net>
To: "Keegan Holley" <keegan.holley at sungard.com>; "juniper-nsp" <juniper-nsp at puck.nether.net>
Sent: Wednesday, June 22, 2011 9:50 AM
Subject: Re: [j-nsp] BGP MTU Mismatch
Hi Keegan,
What is most likely to happen is that the session established since those are small packets, then the routers try to send the route messages which are large in case you are sharing full routing table, those messages do not arrive to the other side because of the MTU mismatch, thus causing the keepalive messages to be delayed as well, then when the dead interval kicks in the session flaps.
PMTU under the BGP group/neighbor should normally be enough to solve it.
Regards,
Ido.
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Keegan Holley
Sent: Wednesday, June 22, 2011 11:38 AM
To: juniper-nsp
Subject: [j-nsp] BGP MTU Mismatch
Does anyone know why a BGP session would constantly flap because of an MTU mismatch. I'm sure it's MTU since that is what fixed the problem. The peering is between a cisco and a juniper and both support PMTU discovery. I would assume any mismatches would be settled by the TCP MSS negotiation or fragmentation (admittedly bad). The peering flapped almost every three minutes on the mark so it never made it past the first dead timer interval.
Just curious if someone out there had ever gotten to the bottom of this problem.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list