Category: Routing

MTU and TCP MSS

The largest chunk of bytes that a transport protocol can forward across specific medium is called MTU – Maximum Transmission Unit. If we speak about Ethernet, which is today the most common, he has by default 1522 bytes MTU.

The story about MTU is that the MTU of specific protocol basically defines how much payload (or highest protocols headers + their payload) it can carry in its biggest packet, not counting his own headers. Putting more payload into single packet than the MTU allows will result in fragmentation, the process of slicing the frame into more smaller frames so that they can get through the path.

So if we look at the wire and catch a standard Ethernet frame, we will see that he is able to carry 1500 bytes of data (Ethernet default MTU of 1500 bytes) and additional Ethernet header which is 14 bytes or 18 bytes when it has 802.1q VLAN tag added inside.

Different MTUs: Interface MTU, IP MTU and TCP MSS

Interface MTU (Ethernet MTU)

The image above is showing different MTU types. It is important for to note that Interface MTU (Ethernet MTU) is the maximum MTU size that a specific hardware port on our network device can forward. In the case of Ethernet (IEEE 802.3) the maximum frame size is 1522 bytes which was raised from 1518 bytes to allow VLAN tagging using 802.1q. Minimum Ethernet frame size can be 64 bytes. After some time, when Gigabit and faster ethernet ports started to appear, jumbo frames were introduced with the ability to increase the interface MTU to 9000 bytes for performance reasons (slightly less header overhead).

| Continue Reading.. |

Redistribute Static on Juniper & Cisco

In case you wondered how to redistribute static routes into dynamic routing protocol you are at the right place. This is normally a basic thing to do, but I will let you know how to do it in different ways on different vendor devices so it might be interesting.

We will go through few examples of normal static to OSPF redistribution and then see how it can be partially done with only part of static routes using route filters. I’ll do it on Cisco and Juniper devices so we can see what’s the difference.

Cisco

In Cisco CLI, redistribute static is fairly simple thing to do:

Router(config)#router ospf 1
Router(config-router)#redistribute static subnets

But you need to know that this simple command will take all static router available on that router and push them to OSPF and redistribute them to all other routers participating in that OSPF process.

If you want to redistribute just some of the static routes, or in our next example only static route towards the network 10.10.10.0/24 you need route map filtering in redistribution command to reference only that one network:

| Continue Reading.. |

Source-Specific Multicast Configuration

In SSM, Source-Specific Multicast, things are done differently from standard multicast forwarding. SSM is specifying a group of hosts that are receiving same multicast stream using group IP address and additionally using stream unicast source IP.

In this article it is shown how to configure Source Specific Multicast on Cisco and Juniper equipment.

In standard multicast, forwarding is done using group IP address which is an IP from multicast dedicated range 224.0.0.0/4 (224.0.0.0 – 239.255.255.255) or FF00::/8 in IPv6. Each multicast group IP address is a single address which specifies all hosts receiving a specific stream, streamed towards that group IP address from multicast source. In standard multicast everybody can start to stream with some IP multicast group IP, becoming in that way, the multicast source.

| Continue Reading.. |

Unable to access Cisco ASA through AnyConnect VPN?

I stepped on this issue few weeks ago. I was implementing a new ASA Firewall solution, first time for me with software newer than version 8.4.2

It seems that all those stories about changes in the NAT logic after that version were true. This is what I found out about ASA packet processing.firewall

Configuration was really straightforward and everything worked fine except one thing. When connected remotely using Cisco AnyConnect I was able to access all devices inside the network (inside ASA firewall), but not the ASA itself. I wasn’t able to connect with SSH nor with ASDM.

| Continue Reading.. |

VRF – Virtual Routing and Forwarding

(Part II) Virtual Routing and Forwarding

This is the second part in the series of posts dedicated to network virtualization and path isolation.

Ever needed one extra router? It’s possible to split the router into more logical routers by using VRF. How? Here’s how!

Virtual Routing and Forwarding or VRF allows a router to run more that one routing table simultaneously. When running more routing tables in the same time, they are completely independent. For example, you could use overlapping IP addresses inside more VRFs on the same router and they will function independently without conflict (You can see this kind of overlap in the example below). It is possible to use same VRF instance on more routers and connect every instance separately using VRF dedicated router port or only a sub-interface.

You can find VRFs to be used on ISP side. Provider Edge (PE) routers are usually running one VRF per customer VPN so that one router can act as a PE router for multiple Customer Edge (CE) routers even with more customers exchanging the same subnets across the VPN. By running VRF per customer, those subnets will never mix in-between them.

VRFs are used to create multiple virtual routers from one physical router.

Every VRF is creating his own Routing table and CEF table, basically a separate RIB and FIB.

| Continue Reading.. |