[j-nsp] JUNIPER L3VPN MPLS LAB - MTU (Giuliano Medalha)

Christian V Petersen christian.v.petersen at gmail.com
Wed Jun 11 03:11:34 EDT 2014 

Hello :)

To me it sounds like a routing issue - if you remove an IP-interface and
then it works, then check the connectivity over this interface. Can you
ping the host you want to SSH to?

Could it be that the IP-interface it not configured correctly but you are
routing the traffic over this interface? (static?)

As far as I know its the IP-layer that re-assembles all fragments and
presents this to higher layers. But with MTU around 1500 I dont suspect
your SSH-traffic will be fragmented - just forwarded.

Hope this helps! :)
BR
CVP

On Mon, Jun 9, 2014 at 6:00 PM, <juniper-nsp-request at puck.nether.net> wrote:

> Send juniper-nsp mailing list submissions to
>         juniper-nsp at puck.nether.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://puck.nether.net/mailman/listinfo/juniper-nsp
> or, via email, send a message with subject or body 'help' to
>         juniper-nsp-request at puck.nether.net
>
> You can reach the person managing the list at
>         juniper-nsp-owner at puck.nether.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of juniper-nsp digest..."
>
>
> Today's Topics:
>
>    1. JUNIPER L3VPN MPLS LAB - MTU (Giuliano Medalha)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 8 Jun 2014 14:48:58 -0300
> From: Giuliano Medalha <giuliano at wztech.com.br>
> To: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> Subject: [j-nsp] JUNIPER L3VPN MPLS LAB - MTU
> Message-ID:
>         <CAMw=
> 8hQ3e5TU-TeWhGg3zVK3QwkhdL2icWZZq+5nq-9fdNtq9A at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> ?Hello everyone,
>
> Doing some lab tests with JUNIPER SRX100H2 equipments (packet-mode).
>
> Basically we have:
>
>                   --- P3 --- P4 ---
>                -                         -
>      PE-1 -                             - PE-2
>                -                         -
>                   --- P1 --- P3 ---
>
>
> All fast interfaces are configured like:
>
> set interfaces fe-0/0/0 mtu 1534
> set interfaces fe-0/0/0 unit 0 family inet mtu 1500
> set interfaces fe-0/0/0 unit 0 family inet6 mtu 1500
> set interfaces fe-0/0/0 unit 0 family mpls mtu 1520
>
>
> MPLS MTU = IP MTU + 20 byte
>
> After commit the system asks to configure Interface MTU with 1534 bytes
> (MPLS MTU + MTU overhead = 14 bytes)
>
> The VRF can converge and everything works fine.
>
> The questions about this configuration are:
>
> - When we access P1 ... it cannot run ssh to P3 directly.  SSH do not work.
>
> - If we remove fe-0/0/0 unit 0  family inet mtu it works fine.
>
>
> This configuration is correct for fast ethernet using RSX ?
>
> We do not test VRF with applications (FTP, HTTP, etc) ... it will work ?
>
> Inside VRF we have another interfaces (PE routers) ... Do we need to
> configure interface MTU for VRF too ?
>
>
>
> Anyone knows why SSH is not working  between boxes ?   Could be
> fragmentation ?
>
> Thanks a lot,
>
> Giuliano
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> juniper-nsp mailing list
> juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> ------------------------------
>
> End of juniper-nsp Digest, Vol 139, Issue 7
> *******************************************
>



-- 
vh
Christian

More information about the juniper-nsp mailing list