Category: Networking

MTU and TCP MSS

The largest chunk of bytes that a transport protocol can forward across specific medium is called MTU – Maximum Transmission Unit. If we speak about Ethernet, which is today the most common, he has by default 1522 bytes MTU.

The story about MTU is that the MTU of specific protocol basically defines how much payload (or highest protocols headers + their payload) it can carry in its biggest packet, not counting his own headers. Putting more payload into single packet than the MTU allows will result in fragmentation, the process of slicing the frame into more smaller frames so that they can get through the path.

So if we look at the wire and catch a standard Ethernet frame, we will see that he is able to carry 1500 bytes of data (Ethernet default MTU of 1500 bytes) and additional Ethernet header which is 14 bytes or 18 bytes when it has 802.1q VLAN tag added inside.

Different MTUs: Interface MTU, IP MTU and TCP MSS

Interface MTU (Ethernet MTU)

The image above is showing different MTU types. It is important for to note that Interface MTU (Ethernet MTU) is the maximum MTU size that a specific hardware port on our network device can forward. In the case of Ethernet (IEEE 802.3) the maximum frame size is 1522 bytes which was raised from 1518 bytes to allow VLAN tagging using 802.1q. Minimum Ethernet frame size can be 64 bytes. After some time, when Gigabit and faster ethernet ports started to appear, jumbo frames were introduced with the ability to increase the interface MTU to 9000 bytes for performance reasons (slightly less header overhead).

| Continue Reading.. |

The New Way of Generating IPv6 – SLAAC EUI-64 Address Format

There was an old way of generating Interface IPv6 address using SLAAC process (Stateless autoconfiguration). You simply configured that you want SLAAC autoconfiguration and the interface IPv6 was generated by squeezing “FFFE” in hex (11111111 11111110 bits) between two parts of physical MAC address of that interface.

Then, after a while, several comments came to IETF about the use of predictable Interface Identifiers in IPv6 addresses. They were pointing to the ease of correlation of host activities within the same network and across multiple networks. If Interface Identifiers are constant across networks this is negatively affecting the privacy and security of users on that network.

| Continue Reading.. |

Create or Edit a File on Cisco IOS Flash

There is always the option to edit a file locally on your computer in notepad++ and then upload it to Cisco device.

With this trick, you can write or edit a file from Flash memory directly from Cisco IOS console. If you need it for whatever reason, maybe to change something in the config file or something else, this is the way to do it.

I was using if for my next article lab where I needed a file on the flash with at least 1600 bytes so I can pull it from neighbouring router with HTTP and check some details in new TCP connection. It was faster to just create the file directly on the router flash and not creating it on my laptop and then transferring it with FTP or TFTP.

| Continue Reading.. |

Link Aggregation – LACP Protocol

EtherChannel enables bundling multiple physical links connecting same devices into a single logical link. I will try to show you how it is configured and how it works.

The issue with one uplink

I made an example with 8 clients connected to two Cisco 3850 switches. For start, those two switches are connected together with 1G copper on Interface Ge1/23. The clients are also connected to 1G ports. In this case, when all of those four clients on the left side start simultaneously sending traffic at full speed to different computers on the right side, they will congest the uplink between switches and some traffic will be dropped.

| Continue Reading.. |

Check Point Firewall VM Disk Resize

It is related to Check Point MGMT VM with R80.10 in my story, but you would as well want to resize Check Point gateway firewall hardware box or VM.

I was searching for a simple solution and found different ones that didn’t work for me, so here are the steps that you need to go through when you resize your CheckPoint VM disk in vCenter and then need to expand the partition inside Check Point VM in order to use the additional space.

Of course, you did choose too small HDD for your VM when you created it and now you cannot upload some hotfixes or vSEC gateway files to it because you don’t have enough space.

Get to vCenter and shut down the VM.

vCenter VM Shutdown

Get more GB to your VM and power it back up.

vCenter VM HDD Space Increase

| Continue Reading.. |