This is not an easy one to resolve as the routing is fine. It appears that these addresses cannot be accessed through another tier 1 ISP either. I am pretty certain the issue is not on our network, it's trying to prove it that's the hard part.
I will close as resolved but if anyone can think of something just write it here. Thanks
We have a definate issue with MTU/MSS somewhere, but trying to work out where is the issue.
From a routing perspective, the correct route back is being utilised. I have also completed wireshark traces where certain packet sizes (1434 total packet size) are not showing from one ISP but are from another. Here is the MTU/MSS configuration:
set access group-profile l2tp-HEX-group-profile ppp ppp-options mru 1468 set access group-profile l2tp-HEX-group-profile ppp ppp-options mtu 1468
As there is no MTU/MRU set on the dynamic interface then this takes precedence.
If I look at the main SI interface, I see the following MTU size:
run show interfaces si-1/1/0 extensive
If I look at the subscriber interface, as follows:
run show interfaces si-1/1/0.3221230823 extensive
Protocol inet, MTU: 1468
Which seems to indicate it is taking the settings from the above mentioned group configuration. However, if I then look at the actual subscriber themselves, I see the following:
run show subscribers user-name <subscriber> extensive
Shows a different MTU size.
The configuration of the MSS is ONLY on the Core upstream bgp peer interface as below:
set interfaces xe-1/2/5 unit 0 family inet tcp-mss 1380
This seems to test outbound okay, but this is an inbound connection. So one of my questions is:
The peer interface with the MSS configuration, is this egress only or egress/ingress?
Also, the differences on the LNS for the MTU, is this likely to be causing a problem please?
I have resolved the issue, and in doing so have made the connectivity faster.
After discovering that on our MX line cards the tcp-mss is for egress only, it was then a matter of resolving where to set the tcp-mss for ingress. You cannot set that on an aggregated interface, so the only place left was the dynamic-profile. So, configured it there and hey presto, fantastic news, all working. Here is the configuration line for anyone wanting it:
set dynamic-profiles dyn-hex-lns-profile interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet tcp-mss 1420