
Re: [nn] How to reduce MTU for a VPN tunnel?

To: Marc Haber <mh+qorbit-nn@zugschlus.de>
Subject: Re: [nn] How to reduce MTU for a VPN tunnel?
From: Matt Florido <matt@floridonet.com>
Date: Tue, 27 Mar 2007 06:53:39 -0800
Cc: Netscreen Mailing List <nn@qorbit.net>
In-reply-to: <20070323181847.GA11246@torres.zugschlus.de>
References: <20070323181847.GA11246@torres.zugschlus.de>
Sender: nn-bounces@qorbit.net
User-agent: Mutt/1.4.1i
* Marc Haber <mh+qorbit-nn@zugschlus.de> [03-23-2007 19:18]:

> Hi,
> 
> Now my questions
> 
> (1) Are there any known MTU issues in ScreenOS 5.3.0r6.0 for the 5GT?

Nothing major listed in the release notes.

> (2) How can I for testing purposes reduce the MTU the NSR client uses
>     for data sent into the VPN tunnel? Setting the appropriate registry
>     key on the virtual ethernet adapter does not work; the setting is
>     simply ignored (verified by ping with a big request packet)

Try setting the MTU setting on the network adapter itself instead
of the virtual adapter for NSR.

> (3) Why do such MTU issues only surface with one application?
>     Everything else seems to be just fine.

You have only found it in one application, but I've found the issue
manifests itself when applications like using max packet sizes.

> (4) Which debugging steps would you guys take?
> 
> Any hints will be appreciated.
> 
> Greetings
> Marc
> 

Here's something to try.  Adjust the TCP MSS settings on your NS5GT.

set flow tcp-mss xxx (1300 is a good number to test with)
set flow all-tcp-mss xxx (1400)

-- 
Regards,
Matt Florido
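
Added example, not part of the original message: the size arithmetic behind clamping TCP MSS on an IPsec ESP tunnel, showing why only full-size packets run into the MTU limit and what MSS fits a given path MTU. The cipher, hash and NAT-T choices are assumptions, since the thread does not state the tunnel's proposal; all function names are illustrative.

```python
# Added example: ESP tunnel-mode packet size vs. path MTU (IPv4, no IP/TCP options).
# Cipher and hash parameters are assumptions; the thread does not name them.
IP_HDR, TCP_HDR, UDP_HDR = 20, 20, 8
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad-length byte + next-header byte

CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}   # (block size, IV size)
ICVS = {"hmac-md5-96": 12, "hmac-sha1-96": 12}        # truncated HMAC length


def esp_size(inner_len, cipher="aes-cbc", icv="hmac-sha1-96", nat_t=False):
    """On-wire size of the outer packet carrying an inner packet of inner_len bytes."""
    block, iv = CIPHERS[cipher]
    # Inner packet plus the 2 trailer bytes is padded up to the cipher block size.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return IP_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + iv + padded + ICVS[icv]


def fits(inner_len, path_mtu=1500, **kw):
    """True if the encapsulated packet can cross the path without fragmentation."""
    return esp_size(inner_len, **kw) <= path_mtu


def max_inner_packet(path_mtu=1500, **kw):
    """Largest inner IP packet that still fits in path_mtu once encapsulated."""
    return next(n for n in range(path_mtu, 0, -1) if fits(n, path_mtu, **kw))


def max_mss(path_mtu=1500, **kw):
    """Largest TCP MSS whose full-size segments fit through the tunnel."""
    return max_inner_packet(path_mtu, **kw) - IP_HDR - TCP_HDR


if __name__ == "__main__":
    for cipher in CIPHERS:
        for nat_t in (False, True):
            mss = max_mss(1500, cipher=cipher, nat_t=nat_t)
            print(f"{cipher:9} nat_t={nat_t!s:5} max MSS = {mss}")
    # A bulk transfer with the default MSS of 1460 sends 1500-byte inner packets;
    # an interactive session sending a few hundred bytes never reaches the limit.
    for inner in (300, 1340, 1500):
        print(inner, "->", esp_size(inner), "bytes on the wire, fits:", fits(inner))
```

A segment built with MSS 1300 is a 1340-byte inner packet, which fits under every combination modelled here.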