• February 11, 2012, 11:05:41 AM
Welcome, Guest. Please login or register.
Did you miss your activation email?
« previous next »
Pages: [1]

Author Topic: VPN Router (ex Contivity) 2700 and Jumbo Frames?  (Read 1131 times)

0 Members and 1 Guest are viewing this topic.

Offline ttrinh

  • Rookie
  • **
  • Posts: 1
VPN Router (ex Contivity) 2700 and Jumbo Frames?
« on: April 15, 2010, 05:31:50 PM »
Hi, I have some jumbo frames (1891 bytes) going to a Contivity 2700 and trying to understand what the device should be doing when it receives a jumbo frame on the LAN (Private) interface.

I expected the device to fragment the packet before sending it through the tunnel, however, the counters indicate that it's not seeing the IP packet at all (Status -> Statistics -> UDP Stats, or LAN Counters).  I suspect it might be getting dropped by Layer 2.

The packet is a UDP SIP packet and when it leaves our signalling server, it is in two packets (1500 bytes & 500 bytes), long story short it goes through our WAN through a series of Juniper devices which ends up reassembling the packet (1891 bytes) then sending it on to the Contivity to be sent off to the final end point.

Anyone able to tell me what the normal behaviour is for the 2700? or how I can get it to fragment packets?

Forgot to also mention that I did a packet capture while doing some blackhole ping tests to the 2700 interface directly and it's not returning any ICMP to indicate that it needs to fragment the packet, just get "Request timed out" i.e. ping x.x.x.x -l 1700 -f
« Last Edit: April 15, 2010, 05:35:48 PM by ttrinh »
Logged

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 2164
    • Michael McNamara
Re: VPN Router (ex Contivity) 2700 and Jumbo Frames?
« Reply #1 on: April 16, 2010, 08:27:06 AM »
Hi ttrinh and welcome to the forums!

I think you might be confused between IP packet sizes and Ethernet frame sizes. You can have an IP packet upwards of 64K in size but you can only have an Ethernet frame upwards of 1500 bytes in size (excluding Jumbo Frames). That IP packet can then be broken down (fragmentation) into multiple Ethernet frames by the source device in order to fit on the wire (Ethernet). You can read more IPv4 and fragmentation/reassembly from Wikipedia.

In any event what is the MTU on your private interface?

Nortel published a document back in 2005 explaining how to use MSS in order to resolve MTU difficulties with the Nortel VPN Router (formerly Contivity)
Contivity MTU and TCP MSS clamping.pdf

In answer to your last question about the 'ping x.x.x.x -l 1700 -f'. You instructed the system not to fragment (DON'T FRAGMENT) when you added the -f option that will not work unless both devices trying to communicate and every switch/router in-between them supports Jumbo Frames. You are not going to be able to get Jumbo Frames over the public Internet (perhaps Internet2 but not the public Internet).

Good Luck!
Logged
If you've found this site useful and helpful, please help me spread the word. Link to us in your blog or homepage or Tweet about us! - Thanks!
Pages: [1]
« previous next »