SRX Services Gateway

Sessions between VLANs/security zones die when sending a large amount of data?

‎03-28-2012 07:19 AM

Hi All,


I have the following setup:


Linux host (with guests(VLAN100)) (VLAN200) ----- Juniper SRX100 ----- Clients (VLAN300)


The Linux host (CentOS) uses eth0 (untagged).

The guest system (Ubuntu, Debian, Linux) uses VLAN100 (tagged).

Clients (Windows, Mac, whatever) are untagged.


Each VLAN has its own security zone.


So, when I SSH to a guest system from a client, I get a connection, but when I generate a large amount of data, e.g. dmesg, the SSH session dies, and I have to create a new session; the same is the case if I use telnet. I did a Wireshark and get a lost segment just before the SSH/telnet connection dies.

I thought it might be MTU (due to the 802.1Q VLAN tag) and found that when I lower the MTU to 1480 it works; even though the 802.1Q VLAN tag is bigger.


It's just that I've never experienced the MTU on VLAN to be a problem before; I'm quite new to Junos and SRX, I have mostly worked with Cisco and HP and minor vendors, so I'm not sure that the MTU is the actual root cause and not just a workaround.


Has anyone experienced this before or have any clues on what it could be?