SRX

Expand all | Collapse all

Vlan mtu, and ipv6 mtu.

Jump to Best Answer
  • 1.  Vlan mtu, and ipv6 mtu.

    Posted 08-28-2018 14:38
    I have noticed that when you set up your vlan interface , a default mtu is set. Vlan mtu equals 9192. When I added ipv6 addressing I think I set it to 9174. Must have been default, I don't remember. Is it better to match these two numbers? What are the implications of setting them the same as oppossed to a little different like they currently are?


  • 2.  RE: Vlan mtu, and ipv6 mtu.

    Posted 08-29-2018 22:30

    Hi, Eugene

     

    Can you post the output from these commands to elaborate an answer based on them?

     

    > show configuration interface [VLAN_INTERFACE]

    > show interfaces externsive [VLAN_INTERFACE]

     

     Regards,

     

    Esteban



  • 3.  RE: Vlan mtu, and ipv6 mtu.

    Posted 08-30-2018 04:35

    Physical interface: vlan, Enabled, Physical link is Up
      Interface index: 133, SNMP ifIndex: 506, Generation: 136
      Type: VLAN, Link-level type: VLAN, MTU: 9000, Clocking: Unspecified, Speed: 2000mbps
      Device flags   : Present Running
      Link type      : Full-Duplex
      Physical info  : Unspecified
      Hold-times     : Up 0 ms, Down 0 ms
      Current address: 28:8a:1c:40:15:10, Hardware address: 28:8a:1c:40:15:10
      Alternate link address: Unspecified
      Last flapped   : 2018-08-27 22:18:21 PDT (2d 06:00 ago)
      Statistics last cleared: Never
      Traffic statistics:
       Input  bytes  :           1125134517                 4312 bps
       Output bytes  :          35602136591                 3384 bps
       Input  packets:             14287984                    8 pps
       Output packets:             25756930                    3 pps
      Input errors:
        Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0
      Output errors:
        Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0

      Logical interface vlan.0 (Index 87) (SNMP ifIndex 507) (Generation 154)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.3 ]  Encapsulation: ENET2
        Bandwidth: 0
        Traffic statistics:
         Input  bytes  :            427688405
         Output bytes  :          12884733722
         Input  packets:              3842216
         Output packets:              9751930
        Local statistics:
         Input  bytes  :             15372726
         Output bytes  :              9436920
         Input  packets:               188994
         Output packets:                44567
        Transit statistics:
         Input  bytes  :            412315679                 1720 bps
         Output bytes  :          12875296802                 1096 bps
         Input  packets:              3653222                    2 pps
         Output packets:              9707363                    1 pps
        Security: Zone: trust
        Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf ospf3 pgm pim rip ripng
        router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping reverse-telnet
        reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip dhcpv6 r2cp
        Flow Statistics :
        Flow Input statistics :
          Self packets :                     197815
          ICMP packets :                     502
          VPN packets :                      0
          Multicast packets :                206288
          Bytes permitted by policy :        347231174
          Connections established :          62905
        Flow Output statistics:
          Multicast packets :                0
          Bytes permitted by policy :        11010156755
        Flow error statistics (Packets dropped due to):
          Address spoofing:                  0
          Authentication failed:             0
          Incoming NAT errors:               373
          Invalid zone received packet:      0
          Multiple user authentications:     0
          Multiple incoming NAT:             0
          No parent for a gate:              0
          No one interested in self packets: 0
          No minor session:                  0
          No more sessions:                  0
          No NAT gate:                       0
          No route present:                  2679
          No SA for incoming SPI:            0
          No tunnel found:                   0
          No session for a gate:             0
          No zone or NULL zone binding       0
          Policy denied:                     0
          Security association not active:   0
          TCP sequence number out of window: 32
          Syn-attack protection:             0
          User authentication errors:        0
        Protocol inet, MTU: 8982, Generation: 171, Route table: 0
          Flags: Sendbcast-pkt-to-re
          Addresses, Flags: Is-Preferred Is-Primary
            Destination: 192.168.1/24, Local: 192.168.1.1, Broadcast: 192.168.1.255, Generation: 240
        Protocol inet6, MTU: 8982, Generation: 172, Route table: 0
          Flags: User-MTU
          Addresses, Flags: Is-Preferred
            Destination: fe80::/64, Local: fe80::x:xxxx:xxxx:xxxx
        Generation: 246

     

     

     

    I changed my mtu to a different value, i could not match the ipv6 with the base

    interface mtu. vlan mtu vs. vlan.0 ipv6 mtu . Says ipv6 number must not be greater

    than vlan mtu. Any comments about the rest is appreciated. I also want to know if

    1536 on other devices is adviseable? I.E. , 1536 * 6 = 9216 . Wireless AP's are the

    target devices.



  • 4.  RE: Vlan mtu, and ipv6 mtu.
    Best Answer

    Posted 08-31-2018 01:34

    Eugene,

     

    I believe we need to start by defining MTU, which is not other thing than the size of the packets/frames that can be received or sent over a logical/physical interface. Note that the size will depend on the fact that we are talking about frames (at layer 2) or packets (at layer 3); this is why I stated that the MTU is the size of the packet/frame that a logical/physical interface can process.

     

    When a host will be sending data, it will be encapsulated in a way similar to this one:

     

    DATA    +   L4 Header      + L3 Header +      L2 Header
                         (TCP/UDP)                (IP)             (ETHERNET)

    When the MTU related to the logical interface (aka Protocol MTU) is calculated, we are talking about the size of the IP packets that the interface can process. This value includes the size of the data being sent (the payload) plus the L4 and L3 headers' size. Note that the L2 header size is not taken in to consideration. For regular Ethernet networks generally this protocol MTU is 1500 bytes:

     

    TCP packet:

     

      PAYLOAD (1460Bytes)+ TCP Header (20 bytes)+ IP Header (20 bytes)= A packet (1500 bytes)


    When the MTU related to the physical interface (aka Interface MTU) is calculated, we are talking about the size of the frames that the interface can process. This counts the amount of data being sent plus the L4, L3 and L2 headers. For instance a regular Ethernet frame has a size of 1518bytes:

     

    TCP packet:

     

      PAYLOAD (1460Bytes)+ TCP Header (20 bytes)+ IP Header (20 bytes)+ Ethernet Header (18 bytes)= A frame (1518 bytes)


    Now we can understand why we see more than one MTU value in the "show interfaces extensive" output for the same interface:

     

      Logical interface vlan.0
           Protocol inet, MTU: 8982      <<<<< Protocol MTUs
           Protocol inet6, MTU: 8982

      Physical interface: vlan
            Link-level type: VLAN, MTU: 9000   <<<<< Interface MTU


    Note that the Interface MTU is 18bytes bigger than the Protocol MTU because the first one takes in to consideration the Ethernet header size.

     

    Knowing the above information, now lets review your questions:

     

    Q.I have noticed that when you set up your vlan interface , a default mtu is set. Vlan mtu equals 9192. When I added ipv6 addressing I think I set it to 9174. Must have been default, I don't remember. Is it better to match these two numbers?

     

    A/ You wont be able to match them. One represents the size of the packets (Protocol MTU, a L3 concept) and the other one the size of the frames (Interface MTU, a L2 concept). The last one includes 18 more bytes than the first one.


    Q.What are the implications of setting them the same as opposed to a little different like they currently are?

     

    A/ A packet of a size of 1500 bytes can be sent over a logical interface that has a Protocol MTU of 1500. But when the Ethernet header is added, that packet becomes a frame of 1518 bytes, and having a physical interface configured with a Interface MTU of 1500 will avoid/prevent that 1518 frame to be sent. This is why when you manually set the Protocol MTU, the Interface MTU will automatically change to a value 18ytes bigger.

     

    Q. I changed my mtu to a different value, i could not match the ipv6 with the base interface mtu. vlan mtu vs. vlan.0 ipv6 mtu. Says ipv6 number must not be greater than vlan mtu

     

    A/ They are never supposed to be the same. The interface MTU will be normally (if not always) 18bytes bigger than the protocol MTU because while the protocol MTU talks about packets' sizes, the interface MTU talks about frames' sizes that include the 18 more bytes of the Ethernet header.


    Q. 1536 on other devices is advisable?

     

    R/ You have to understand if you are configuring Protocol or Interface MTU. Lets say you are configuring the Protocol MTU (defining the size of the packets that can be sent by a logical interface). If the SRX will send a packet size of 8982 bytes, after this packet gets encapsulated at L2 (an Ethernet header of 18 bytes will be added), the size of the resulting frame will be of 9000bytes. The sending physical interface should have a Interface MTU of 9000, else it will drop that frame because it exceeds the size of the frames that the interface can send.

     

    Once the 9000 bytes frame reaches the remote physical interface, it will be accepted only if the remote physical interface has a Interface MTU of 9000 or higher. Once the Ethernet header is removed, we will have a 8982 bytes packet, that could be accepted/processed only if the logical interface has a Protocol MTU of 1500 or higher.

     

    I hope that the above information helps you.