Re: [j-nsp] Jumbo frames / mismatch MTU
On Fri, Apr 23, 2021 at 01:23:32PM +, Matthew Crocker wrote: > The SRX devices are limited to an MTU of 1600 due to the TLS carrier they are > using to connect back to the QFX. > > I need to support 9K frames from one ACX to another over this network. The > QFX is configured for MTU of 9192 on all interfaces. When I configure a > couple ACXs with 9192 MTU the OSPF & LDP sessions go away. > > I can ping ACX to ACX with 9k packets just fine. > Everything is working. If I ‘set mtu 9192’ everything breaks Just set the IP MTU in addition to the physical L2 "mtu". That way you don't have to care about calculating any possible differences caused by encapsulation overhead: set interface ... family inet mtu 9000 But how are you planning on overcoming the 1600 limitation on the TLS carrier? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Jumbo frames / mismatch MTU
Yeah, crazy how there's many mtu differences...apparently cosmetic since we all know ethernet always has a header ! IOS (classic and XE) doesn't include eth header IOS-XR like MX - does include eth header For some reason on my MX104's I did... set interfaces ae10 mtu 9192 here's some things I've flipped on acx5048 for interfaces and vpls or l2circuits set interfaces ge-0/0/47 mtu 9216 set protocols l2circuit neighbor 10.10.10.3 interface ge-0/0/47.100 mtu 1500 set routing-instances 500 protocols vpls mtu 9216 you can ignore mtu in ospf, although, I prefer to fix instead of ignore. Also, I recall having something weird, where I ospf neighbored over a 3rd part tls service, and when they made changes to the transport, that my ospf started having issues establishing neighborship (also, your mention of ldp dropping, probably has everything to do with broken ospf, as I understand ldp needs to the /32 loopbacks to fully establish... the initial ldp is link local mcast, but the ldp step 2 is a tcp session to the adjacent loopbacks... hence IGP must be up) -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Jumbo frames / mismatch MTU
On Fri, Apr 23, 2021 at 8:35 AM Matthew Crocker wrote: > Currently the ACX interface is: > > xe-0/3/0 > mtu 1600; > unit 0 { > family inet { > sampling { > input; > output; > } > address 10.200.1.1/24; > } > family mpls; > } You could also `set interfaces xe-0/0/3.0 family inet mtu ` to force the IP mtu without having to calculate from the interface MTU. We've done this in spots where routers/switches have different interface MTUs (9192 / 9216) to keep the value the same at layer3. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Jumbo frames / mismatch MTU
Hey, > Juniper counts layer 2 the header as well for MTU, unlike most of the > vendors. > Juniper side MTU has to be set 14 bytes bigger and your OSPF and LDP > should come up > Good luck!! > Not sure this is the reason. Considering he is stating his network is all JNPR, and considering modern CSCO and NOK count MTU the same way as JNPR (doesn't make it any less wrong, ofc). I don't think there is enough information to answer OP, but one possibility is that he runs VLAN tagging on the QFX core, and the frames sent by edge to core are too large to allow for additional 4B. -- ++ytti ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Jumbo frames / mismatch MTU
Hi, Juniper counts layer 2 the header as well for MTU, unlike most of the vendors. Juniper side MTU has to be set 14 bytes bigger and your OSPF and LDP should come up Good luck!! Sent from my iPhone > On 23 Apr 2021, at 15:36, Matthew Crocker wrote: > > > Hello, > > I have a network configured with a QFX core, 10 ACX2200 & 10 SRX300s. The > ACXs are connected to the QFX via 10G links and the SRX300s are connected via > a Transparent LAN type service.The ACX & SRX have LDP,OSPF & BGP running > to support MPLS on the QFX facing interfaces. The QFX is setup as a simple > layer 2 device and is not running MPLS. > > Each ACX & SRX has a 10G or 1G interface configured, connected to the QFX > with an IP from 10.200.1.0/24. Each router has a loopback lo0 with a /32 > from 10.200.2.0/24. All routers dynamically share loopback IPs via LDP & > OSPF. All routers have BGP full mesh and establish BGP sessions to the > loopback addresses once they are learned. > > The SRX devices are limited to an MTU of 1600 due to the TLS carrier they are > using to connect back to the QFX. > > I need to support 9K frames from one ACX to another over this network. The > QFX is configured for MTU of 9192 on all interfaces. When I configure a > couple ACXs with 9192 MTU the OSPF & LDP sessions go away. > > I can ping ACX to ACX with 9k packets just fine. > > For some reason LDP or OSPF don’t get established the ACXs never learn the > lo0 IPs of their peers which causes BGP to fail. > > I’ve enabled mtu-discovery in OSPF & LDP to no avail > Is there some other setting I’m missing? > > Am I allowed to have most routers running MTU 1600 and a couple running 9k? > I only really need one ACX <-> QFX <-> ACX path to support 9k for SAN > replication between buildings > > Currently the ACX interface is: > > xe-0/3/0 > > mtu 1600; > > unit 0 { > >family inet { > >sampling { > >input; > >output; > >} > >address 10.200.1.1/24; > >} > >family mpls; > > } > > > > lo0 > > unit 0 { > >family inet { > >address 10.200.2.1/32; > >} > > } > > > protocols ldp > > interface ge-0/0/0.0; > > interface xe-0/3/0.0; > > interface lo0.0; > > > protocols ospf > > traffic-engineering; > > export [ export-direct export-statics ]; > > area 0.0.0.0 { > >interface lo0.0; > >interface xe-0/3/0.0; > >interface ge-0/0/0.0; > > } > > I’ve backed out the mtu-discovery for LDP & OSPF. > > Everything is working. If I ‘set mtu 9192’ everything breaks > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Jumbo frames / mismatch MTU
Hello, I have a network configured with a QFX core, 10 ACX2200 & 10 SRX300s. The ACXs are connected to the QFX via 10G links and the SRX300s are connected via a Transparent LAN type service.The ACX & SRX have LDP,OSPF & BGP running to support MPLS on the QFX facing interfaces. The QFX is setup as a simple layer 2 device and is not running MPLS. Each ACX & SRX has a 10G or 1G interface configured, connected to the QFX with an IP from 10.200.1.0/24. Each router has a loopback lo0 with a /32 from 10.200.2.0/24. All routers dynamically share loopback IPs via LDP & OSPF. All routers have BGP full mesh and establish BGP sessions to the loopback addresses once they are learned. The SRX devices are limited to an MTU of 1600 due to the TLS carrier they are using to connect back to the QFX. I need to support 9K frames from one ACX to another over this network. The QFX is configured for MTU of 9192 on all interfaces. When I configure a couple ACXs with 9192 MTU the OSPF & LDP sessions go away. I can ping ACX to ACX with 9k packets just fine. For some reason LDP or OSPF don’t get established the ACXs never learn the lo0 IPs of their peers which causes BGP to fail. I’ve enabled mtu-discovery in OSPF & LDP to no avail Is there some other setting I’m missing? Am I allowed to have most routers running MTU 1600 and a couple running 9k? I only really need one ACX <-> QFX <-> ACX path to support 9k for SAN replication between buildings Currently the ACX interface is: xe-0/3/0 mtu 1600; unit 0 { family inet { sampling { input; output; } address 10.200.1.1/24; } family mpls; } lo0 unit 0 { family inet { address 10.200.2.1/32; } } protocols ldp interface ge-0/0/0.0; interface xe-0/3/0.0; interface lo0.0; protocols ospf traffic-engineering; export [ export-direct export-statics ]; area 0.0.0.0 { interface lo0.0; interface xe-0/3/0.0; interface ge-0/0/0.0; } I’ve backed out the mtu-discovery for LDP & OSPF. Everything is working. If I ‘set mtu 9192’ everything breaks ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp