SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Vlan mtu, and ipv6 mtu.

    Posted 08-28-2018 14:38
    I have noticed that when you set up your vlan interface, a default mtu is set. Vlan mtu equals 9192. When I added ipv6 addressing I think I set it to 9174. Must have been default, I don't remember. Is it better to match these two numbers? What are the implications of setting them the same as opposed to a little different like they currently are?


  • 2.  RE: Vlan mtu, and ipv6 mtu.

    Posted 08-29-2018 22:30

    Hi, Eugene

     

    Can you post the output from these commands to elaborate an answer based on them?

     

    > show configuration interface [VLAN_INTERFACE]

    > show interfaces extensive [VLAN_INTERFACE]

     

     Regards,

     

    Esteban



  • 3.  RE: Vlan mtu, and ipv6 mtu.

    Posted 08-30-2018 04:35

    Physical interface: vlan, Enabled, Physical link is Up
      Interface index: 133, SNMP ifIndex: 506, Generation: 136
      Type: VLAN, Link-level type: VLAN, MTU: 9000, Clocking: Unspecified, Speed: 2000mbps
      Device flags   : Present Running
      Link type      : Full-Duplex
      Physical info  : Unspecified
      Hold-times     : Up 0 ms, Down 0 ms
      Current address: 28:8a:1c:40:15:10, Hardware address: 28:8a:1c:40:15:10
      Alternate link address: Unspecified
      Last flapped   : 2018-08-27 22:18:21 PDT (2d 06:00 ago)
      Statistics last cleared: Never
      Traffic statistics:
       Input  bytes  :           1125134517                 4312 bps
       Output bytes  :          35602136591                 3384 bps
       Input  packets:             14287984                    8 pps
       Output packets:             25756930                    3 pps
      Input errors:
        Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0
      Output errors:
        Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0

      Logical interface vlan.0 (Index 87) (SNMP ifIndex 507) (Generation 154)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.3 ]  Encapsulation: ENET2
        Bandwidth: 0
        Traffic statistics:
         Input  bytes  :            427688405
         Output bytes  :          12884733722
         Input  packets:              3842216
         Output packets:              9751930
        Local statistics:
         Input  bytes  :             15372726
         Output bytes  :              9436920
         Input  packets:               188994
         Output packets:                44567
        Transit statistics:
         Input  bytes  :            412315679                 1720 bps
         Output bytes  :          12875296802                 1096 bps
         Input  packets:              3653222                    2 pps
         Output packets:              9707363                    1 pps
        Security: Zone: trust
        Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf ospf3 pgm pim rip ripng
        router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping reverse-telnet
        reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip dhcpv6 r2cp
        Flow Statistics :
        Flow Input statistics :
          Self packets :                     197815
          ICMP packets :                     502
          VPN packets :                      0
          Multicast packets :                206288
          Bytes permitted by policy :        347231174
          Connections established :          62905
        Flow Output statistics:
          Multicast packets :                0
          Bytes permitted by policy :        11010156755
        Flow error statistics (Packets dropped due to):
          Address spoofing:                  0
          Authentication failed:             0
          Incoming NAT errors:               373
          Invalid zone received packet:      0
          Multiple user authentications:     0
          Multiple incoming NAT:             0
          No parent for a gate:              0
          No one interested in self packets: 0
          No minor session:                  0
          No more sessions:                  0
          No NAT gate:                       0
          No route present:                  2679
          No SA for incoming SPI:            0
          No tunnel found:                   0
          No session for a gate:             0
          No zone or NULL zone binding       0
          Policy denied:                     0
          Security association not active:   0
          TCP sequence number out of window: 32
          Syn-attack protection:             0
          User authentication errors:        0
        Protocol inet, MTU: 8982, Generation: 171, Route table: 0
          Flags: Sendbcast-pkt-to-re
          Addresses, Flags: Is-Preferred Is-Primary
            Destination: 192.168.1/24, Local: 192.168.1.1, Broadcast: 192.168.1.255, Generation: 240
        Protocol inet6, MTU: 8982, Generation: 172, Route table: 0
          Flags: User-MTU
          Addresses, Flags: Is-Preferred
            Destination: fe80::/64, Local: fe80::x:xxxx:xxxx:xxxx
        Generation: 246

     

     

     

    I changed my mtu to a different value, I could not match the ipv6 with the base interface mtu. vlan mtu vs. vlan.0 ipv6 mtu. Says ipv6 number must not be greater than vlan mtu. Any comments about the rest is appreciated. I also want to know if 1536 on other devices is advisable? I.e., 1536 * 6 = 9216. Wireless APs are the target devices.



  • 4.  RE: Vlan mtu, and ipv6 mtu.
    Best Answer

    Posted 08-31-2018 01:34

    Eugene,

     

    I believe we need to start by defining MTU, which is nothing other than the size of the packets/frames that can be received or sent over a logical/physical interface. Note that the size will depend on whether we are talking about frames (at layer 2) or packets (at layer 3); this is why I stated that the MTU is the size of the packet/frame that a logical/physical interface can process.

     

    When a host sends data, it is encapsulated in a way similar to this:

     

    DATA  +  L4 Header (TCP/UDP)  +  L3 Header (IP)  +  L2 Header (ETHERNET)

    When the MTU related to the logical interface (aka Protocol MTU) is calculated, we are talking about the size of the IP packets that the interface can process. This value includes the size of the data being sent (the payload) plus the L4 and L3 headers' size. Note that the L2 header size is not taken into consideration. For regular Ethernet networks, this protocol MTU is generally 1500 bytes:

     

    TCP packet:

     

      PAYLOAD (1460 bytes) + TCP Header (20 bytes) + IP Header (20 bytes) = A packet (1500 bytes)


    When the MTU related to the physical interface (aka Interface MTU) is calculated, we are talking about the size of the frames that the interface can process. This counts the amount of data being sent plus the L4, L3 and L2 headers. For instance, a regular Ethernet frame has a size of 1518 bytes:

     

    TCP packet:

     

      PAYLOAD (1460 bytes) + TCP Header (20 bytes) + IP Header (20 bytes) + Ethernet Header (18 bytes) = A frame (1518 bytes)


    Now we can understand why we see more than one MTU value in the "show interfaces extensive" output for the same interface:

     

      Logical interface vlan.0
           Protocol inet, MTU: 8982      <<<<< Protocol MTUs
           Protocol inet6, MTU: 8982

      Physical interface: vlan
            Link-level type: VLAN, MTU: 9000   <<<<< Interface MTU


    Note that the Interface MTU is 18 bytes bigger than the Protocol MTU because the first one takes into consideration the Ethernet header size.

     

    Knowing the above information, now let's review your questions:

     

    Q. I have noticed that when you set up your vlan interface, a default mtu is set. Vlan mtu equals 9192. When I added ipv6 addressing I think I set it to 9174. Must have been default, I don't remember. Is it better to match these two numbers?

     

    A/ You won't be able to match them. One represents the size of the packets (Protocol MTU, a L3 concept) and the other one the size of the frames (Interface MTU, a L2 concept). The last one includes 18 more bytes than the first one.


    Q. What are the implications of setting them the same as opposed to a little different like they currently are?

     

    A/ A packet of a size of 1500 bytes can be sent over a logical interface that has a Protocol MTU of 1500. But when the Ethernet header is added, that packet becomes a frame of 1518 bytes, and having a physical interface configured with an Interface MTU of 1500 will prevent that 1518-byte frame from being sent. This is why when you manually set the Protocol MTU, the Interface MTU will automatically change to a value 18 bytes bigger.

     

    Q. I changed my mtu to a different value, I could not match the ipv6 with the base interface mtu. vlan mtu vs. vlan.0 ipv6 mtu. Says ipv6 number must not be greater than vlan mtu.

     

    A/ They are never supposed to be the same. The interface MTU will be normally (if not always) 18 bytes bigger than the protocol MTU because while the protocol MTU talks about packets' sizes, the interface MTU talks about frames' sizes that include the 18 more bytes of the Ethernet header.


    Q. 1536 on other devices is advisable?

     

    A/ You have to understand if you are configuring Protocol or Interface MTU. Let's say you are configuring the Protocol MTU (defining the size of the packets that can be sent by a logical interface). If the SRX will send a packet size of 8982 bytes, after this packet gets encapsulated at L2 (an Ethernet header of 18 bytes will be added), the size of the resulting frame will be 9000 bytes. The sending physical interface should have an Interface MTU of 9000, else it will drop that frame because it exceeds the size of the frames that the interface can send.

     

    Once the 9000-byte frame reaches the remote physical interface, it will be accepted only if the remote physical interface has an Interface MTU of 9000 or higher. Once the Ethernet header is removed, we will have an 8982-byte packet, that could be accepted/processed only if the logical interface has a Protocol MTU of 1500 or higher.

     

    I hope that the above information helps you.
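
An added example, not part of any post in this thread: a Python parser that pulls the Interface MTU and the Protocol MTUs out of `show interfaces extensive` output and checks that each Protocol MTU plus the 18-byte Ethernet overhead described in the answer fits within the Interface MTU. The function names are hypothetical and the sample is trimmed from the output posted in post 3.

```python
import re

ETHERNET_OVERHEAD = 18  # bytes; the L2 overhead figure used in the answer above

# Sample input: a few lines trimmed from the output posted in this thread.
SAMPLE = """\
Physical interface: vlan, Enabled, Physical link is Up
  Type: VLAN, Link-level type: VLAN, MTU: 9000, Clocking: Unspecified, Speed: 2000mbps
  Logical interface vlan.0 (Index 87) (SNMP ifIndex 507) (Generation 154)
    Protocol inet, MTU: 8982, Generation: 171, Route table: 0
    Protocol inet6, MTU: 8982, Generation: 172, Route table: 0
"""

def parse_mtus(text):
    """Return {physical: {"mtu": int or None, "units": {unit: {family: mtu}}}}."""
    result, phys, unit = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Physical interface: ([^,\s]+)", line):
            phys, unit = m.group(1), None
            result[phys] = {"mtu": None, "units": {}}
        elif phys and (m := re.match(r"Logical interface (\S+)", line)):
            unit = m.group(1)
            result[phys]["units"][unit] = {}
        elif phys and unit and (m := re.match(r"Protocol (\w+), MTU: (\d+)", line)):
            # Non-numeric protocol MTUs are skipped by the \d+ match.
            result[phys]["units"][unit][m.group(1)] = int(m.group(2))
        elif phys and unit is None and (
            m := re.search(r"Link-level type: [^,]+, MTU: (\d+)", line)
        ):
            result[phys]["mtu"] = int(m.group(1))
    return result

def check_mtus(parsed, overhead=ETHERNET_OVERHEAD):
    """Return (unit, family, protocol_mtu, problem); problem is None when it fits."""
    findings = []
    for info in parsed.values():
        for unit, families in info["units"].items():
            for family, pmtu in families.items():
                problem = None
                if info["mtu"] is None:
                    problem = "no interface MTU found"
                elif pmtu + overhead > info["mtu"]:
                    problem = f"{pmtu}+{overhead} exceeds interface MTU {info['mtu']}"
                findings.append((unit, family, pmtu, problem))
    return findings

if __name__ == "__main__":
    for finding in check_mtus(parse_mtus(SAMPLE)):
        print(finding)
```
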