Junos OS

Expand all | Collapse all

Maybe MSS Issue - Please read

Jump to Best Answer
  • 1.  Maybe MSS Issue - Please read

    Posted 01-08-2019 05:04



    We have a live transit ISP network now and no problems have been reported for 4 weeks since going live. However, today we have our first, potential issue....


    Imagine the following scenario:


    I-Phone --> CPE --> LNS (MX240) --> Core (MX240) --> Upstream ISP (Internet - Apple App Store)


    In the above scenario, the user can access the Apple App Store with no problems, but when trying to download an App, well, the network may as well not exist it is SOOOOO slow.....


    Now, on our other network:

    I-Phone --> ISP Provider (internet - Apple App Store)


    Same user with the same phone and all works perfectly. No problems at all.


    So, I researched possible issues.... I changed the DNS from our servers to googles - no change, still slow.

    So, I changed the MTU on the CPE as this resolved certain other issues - No change, still slow.


    This leaves me to wonder if it is the old MSS issue again and needs changing from 1420 to even lower...


    Has anyone seen this issue before and knows the resolution please?

  • 2.  RE: Maybe MSS Issue - Please read
    Best Answer

    Posted 01-08-2019 05:31

    As an add on....


    I have tested :

    Amazon Streaming - All good

    Youtube - All good

    Samsung Android downloads from google play - All good

    Netflix Streaming - All good


    But it is something to do with the new transit network as it works fine on the other ISP network....


    The MSS is currently set to 1420.


    I'm editing this response because the download speed from the Android is as expected (google play)....


    The speed on the other circuit is 100mb compared to 10mb on the slow circuit..... however, it is still taking longer than expected.

  • 3.  RE: Maybe MSS Issue - Please read

    Posted 01-08-2019 07:15

    I'll close this call as, in all honesty, it was just a quesiton to see if anyone has seen this before, but it looks like it is a false alarm as the circuit, I believe, is behaving at the speed it should. 

  • 4.  RE: Maybe MSS Issue - Please read

    Posted 01-09-2019 02:41

    Hello there,

    @adgwytc wrote:


    The speed on the other circuit is 100mb compared to 10mb on the slow circuit..... however, it is still taking longer than expected.

    If the "slow circuit" presentation is 10-BaseT and if it defaulted to Half Duplex then the abnormal slowness is pretty much expected.



  • 5.  RE: Maybe MSS Issue - Please read

    Posted 01-11-2019 01:34

    I thought I would update this issue as I have resolved it and it may help others to know how I got the resolution:


    So, here is the topology across the 2 x DC sites:

    I-Phone--CPE--LAC--LNS--CORE--Upstream ISP


    I-Phone--CPE--LAC--LNS--CORE--Upstream ISP


    The two core routers at HEX and THW are both linked together via X-Connects between the DC's.


    HEX did not have the issue, only THW did.


    The first thing I had to look for was "what's the difference between HEX and THW"?

    From a configuration perspective there was no difference. The only noticeable difference was that somewhere upstream, the route back to the CPE at THW was coming through HEX first. So, it would hit HEX and then traverse the X-COnnects across to THW and back to the CPE.


    So, how do we troubleshoot this? I installed I-Perf on one of our radius servers (at HEX) and applied the I-Perf configuration on a laptop attached to CPE at THW. I saw the same issue. I should have been seeing between 7 and 9 MB on I-Perf and 0 retries, but what I actually saw was throughput of 0.234 --> 0.566 and multiple retries. Okay, great, I can replicate the problem. Now, is it isolated to THW or is it the X-Connects?


    Next test to confirm X-Connects or local to THW was to install I-Perf on RADIUS server at THW and use from same THW Laptop. I saw the SAME results, which meant the problem was local and nothing to do with the X-Connects.

    So, now it was down to interface level. First check the configs... nope, nothing wrong there. Then I completed the following command:


    run show interfaces ae1 extensive ---- I saw the following in the output:


    Input errors:
    Errors: 15000, Drops: 0, Framing errors: 15000, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0

    So, okay. Which interface from the aggregation is it?


    Close one and retest I-Perf..... I noticed the framing errors increase dramatically..... so, I swapped shutdown ports and the framing errors stopped. I-Perf had perfect responses now and no errors seen again.


    Whether this is sfp, fiber or a problem with the physical port, we will only know once we can get to the data centres.


    Just wanted to show the process I used for troubleshooting.


    ADD ON: When I tested the other sites, it must have been pure luck as one of the interfaces on the aggregated link is fine... it depends on the format Juniper uses to pass traffic across an aggregated link --- maybe round robin, maybe load balanced.... I can look that up....