[AusNOG] Help with TPG EFM MTU size

Houtan Larijani houtan.larijani at overthewire.com.au
Tue Jul 17 23:19:10 EST 2018 

Hi Goran,

I had the same issue with SRX before. On that case adjusting tcp-mss, fixed
the issue. Try this:

security {
    flow {
        tcp-mss {
            all-tcp {
                mss 1350;
            }
        }
    }

Hope this help

Cheers



Houtan Larijani
Senior Network Engineer



[image: Over the Wire] <http://www.overthewire.com.au>



Over the Wire Holdings Ltd (ASX:OTW)

GPO Box 1807 Brisbane, QLD, 4001, Australia

Level 8, 473 Bourke Street, Melbourne, Victoria, 3000

t    1300 689 689
e   houtan.larijani at overthewire.com.au     www.overthewire.com.au



On Tue, 17 Jul 2018 at 23:07, Goran Aleksic <goran.aleksic at gmail.com> wrote:

> Hi all,
>
> had a read on TPG EFM NTU size and I saw in an older post it was important
> which LAC  you connect to etc.
>
> In my case, got a customer on TPG EFM service who needed to migrate from
> EdgeRouter to Juniper SRX to enable some features.
> However, after migration, intermittent issues started with Internet
> Banking and other web sites using TLS/SSL encryption.
> Intermittent issues had no pattern, there was no link congestion at the
> time I witnessed those.
> Bandwidth speed tests were giving me expected results.
> On the other side, remote desktop access, IPSec tunnel, IP Telephony all
> worked well.
> In the migration I observed MTU size on the old router and configured
> Juniper SRX accordingly.
> However, got the intermittent issues to go away only after I decreased MTU
> / TCP-MSS from 1492 to 1440 / 1400 B.
> I got a case with TPG and they insisted on isolation test, which I did
> with laptop, old router and new router (all 3 without specifying MTU size)
> and managed to ping as big as
> 1. 1272 on laptop directly plugged into NTU
> 2. 1412 after NTU reboot
> 3. 1412 from Juniper SRX after NTU reboot
> 4. 1412 from laptop behind Juniper SRX after NTU reboot
> 5  1272 from laptop behind EdgeRouter after NTU reboot
>
> This is all quite confusing.
> On top of that TPG denies anything wrong and asks me to do isolation test
> again (ya, right, we got no other business but to take customers offline
> and do isolation tests...)
>
> They don't seem to appreciate I had to troubleshoot this and find out the
> MTU size by trial and error, while it should be deterministic and standard,
> as outlined in service activation notice.
>
> They also ignore the fact that decreased MTU impacts the link efficiency
> and customer's capacity to use the service in an optimal way.
>
> I wondered if anyone can help me make sense out of this?
> What arguments can I use to get TPG to investigate properly?
>
> Many thanks!
> Goran
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180717/f480f7c3/attachment.html>

More information about the AusNOG mailing list