Routing

  • 1.  MSS for GRE

    Posted 08-07-2012 04:22

    I built a GRE tunnel with a 3rd party on an M7i.

     

    Interface ge0/0/0 is the interface which faces outside.

     

    How do I configure MSS on this M7i?

     

    On the whole router or under the interface?



  • 2.  RE: MSS for GRE

    Posted 08-07-2012 08:15

    Hello,

    You will need an ASM module, AS-PIC or MS-PIC to be able to adjust TCP MSS on an M7i router.

    The config example is here:

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB24352&cat=MX960_1&actp=LIST

    HTH

    Rgds

    Alex

     



  • 3.  RE: MSS for GRE

    Posted 08-07-2012 10:26

     

    I am confused by the config on the link

     

    Do I need to configure all 5 steps in the link?

     

    Would you give me a real example?

     

    ge0/0/0 is interface which is used as tunnel source

     

     

    tunnel interface is gr1/2/0

     



  • 4.  RE: MSS for GRE

    Posted 08-07-2012 13:20

    Hello,

    You can skip step #3 if you are not using VRF/routing-instances.

    Otherwise yes, all 5 steps are necessary.

    Thanks

    Alex



  • 5.  RE: MSS for GRE

    Posted 08-07-2012 16:29

    1:service-interface sp-8/1/0.1; what is this interface?

    should I configure this?

     

     

    2:stateful-firewall { rule Permit-all { match-direction input-output; term 1 { then { accept; }

     

    I permit in both directions

     

    but here

     

    service {
        input {
            service-set tcp-mss service-filter mss-filter;
        }
        output {
            service-set tcp-mss service-filter mss-filter;
        }
    }

    Why should we enable the service set in the input and output directions?


  • 6.  RE: MSS for GRE
    Best Answer

    Posted 08-08-2012 00:17

    Hello,

     


    @Robert cao wrote:

    1:service-interface sp-8/1/0.1; what is this interface?

    should I configure this?

     

     



    On M7i:

    - If you have an ASM module, you should configure sp-1/2/0.

    - If you have AS-PIC or MS-PIC in any other slot, you should configure sp-0/<PICslot>/0.

    - If you have neither, then TCP MSS adjust is not possible on M7i.

     


    @Robert cao wrote:

     

    2:stateful-firewall { rule Permit-all { match-direction input-output; term 1 { then { accept; }

     

    I permit in both directions

     

    but here

     

    service {
        input {
            service-set tcp-mss service-filter mss-filter;
        }
        output {
            service-set tcp-mss service-filter mss-filter;
        }
    }

    Why should we enable the service set in the input and output directions?

     

    You must configure an SFW rule and use the "input-output" direction to allow traffic flows to be established bidirectionally.
    You must configure the service-filter as above and apply it to both "input" and "output" interface-style service-sets because the TCP MSS needs to be adjusted in both SYN and SYN-ACK.

    HTH

    Rgds

    Alex
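
An added example (Python, not part of the thread and not Junos or Juniper code) that models what the last answer describes: the MSS option is lowered in any segment carrying the SYN flag, which covers both the SYN and the SYN-ACK, and the TCP checksum is patched incrementally per RFC 1624. The function names, the clamp limit passed by the caller and the sample segment (ports, sequence numbers, checksum computed without a pseudo-header) are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits; SYN is set in both SYN and SYN-ACK

def ones_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum of an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def clamp_mss(seg: bytes, limit: int) -> bytes:
    """Lower the MSS option of a SYN or SYN-ACK to `limit`; pass anything else through."""
    hdr_len = (seg[12] >> 4) * 4 if len(seg) >= 20 else 0
    if not 20 <= hdr_len <= len(seg) or not seg[13] & SYN:
        return seg
    i = 20
    while i + 1 < hdr_len and seg[i] != 0:      # kind 0 = end of option list
        if seg[i] == 1:                         # kind 1 = NOP, a single byte
            i += 1
            continue
        length = seg[i + 1]
        if length < 2 or i + length > hdr_len:
            break                               # malformed option: leave segment alone
        if seg[i] == 2 and length == 4:         # kind 2 = MSS
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= limit:
                break                           # already small enough
            out = bytearray(seg)
            struct.pack_into("!H", out, i + 2, limit)
            a = (i + 2) & ~1                    # 16-bit aligned span covering the value
            b = a + (2 if a == i + 2 else 4)
            # RFC 1624 incremental checksum update: HC' = ~(~HC + ~m + m')
            inv = bytes(x ^ 0xFF for x in seg[16:18] + seg[a:b])
            new = ~ones_sum(inv + bytes(out[a:b])) & 0xFFFF
            struct.pack_into("!H", out, 16, new)
            return bytes(out)
        i += length
    return seg

def sample_segment(flags: int, mss: int) -> bytes:
    """Constructed segment: MSS, NOP, NOP, SACK-permitted; checksum omits the pseudo-header."""
    opts = struct.pack("!BBH", 2, 4, mss) + bytes([1, 1, 4, 2])
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 7 << 4, flags, 65535, 0, 0)
    csum = ~ones_sum(hdr + opts) & 0xFFFF
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + opts
```

If only one direction were processed, the peer's unclamped MSS would still be advertised in the other half of the handshake, so full-size segments could still be sent toward the tunnel from that side.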