<div dir="ltr">Hi Goran,<div><br></div><div>I had the same issue with SRX before. On that case adjusting tcp-mss, fixed the issue. Try this:</div><div><br></div><div><div>security {</div><div> flow {</div><div> tcp-mss {</div><div> all-tcp {</div><div> mss 1350;</div><div> }</div><div> }</div><div> }</div><div><br></div><div>Hope this help</div><div><br></div><div>Cheers</div><div><div dir="ltr" class="gmail_signature"><div style="font-size:10pt;font-family:ARIAL">
<p style="margin-bottom:0pt;margin-top:0pt"> </p>
<p style="margin-bottom:0pt;margin-top:0pt"><span style="font-size:13.5pt;color:rgb(0,118,188)">Houtan</span><span style="font-size:13.5pt;color:rgb(0,118,188)"> Larijani</span><span style="color:rgb(0,0,0)"><br></span><span style="font-size:10pt;color:rgb(204,204,204)">Senior Network Engineer</span></p>
<p style="margin-bottom:0pt;margin-top:0pt"><span style="font-size:10pt;color:rgb(204,204,204)"></span> </p>
<p style="margin-bottom:0pt;margin-top:0pt"><span style="font-size:10pt;color:rgb(0,0,0)"><a title="Over the Wire" href="http://www.overthewire.com.au" target="_blank"><img border="0" hspace="0" alt="Over the Wire" src="http://www.impirical.com.au/signatures/otw-right.png" width="170"></a></span></p>
<p style="margin-bottom:0pt;margin-top:0pt"><span style="font-size:10pt;color:rgb(0,0,0)"></span> </p>
<p style="margin-bottom:0pt;margin-top:0pt"><span style="font-size:10pt;color:rgb(0,0,0)">Over the Wire Holdings Ltd (ASX:OTW)</span></p><span style="font-size:10pt;color:rgb(0,0,0)"> <p style="margin-bottom:0pt;margin-top:0pt"><span style="font-size:10pt;color:rgb(0,0,0)">GPO Box 1807 Brisbane, QLD, 4001</span><span style="font-size:10pt;color:rgb(0,0,0)">, </span><span style="font-size:10pt;color:rgb(0,0,0)">Australia</span></p>
<p style="margin-bottom:0pt;margin-top:0pt"><span style="font-size:10pt;color:rgb(0,0,0)">Level 8, 473 Bourke Street</span><span style="font-size:10pt;color:rgb(0,0,0)">, </span><span style="font-size:10pt;color:rgb(0,0,0)">Melbourne</span><span style="font-size:10pt;color:rgb(0,0,0)">, </span><span style="font-size:10pt;color:rgb(0,0,0)">Victoria</span><span style="font-size:10pt;color:rgb(0,0,0)">, </span><span style="font-size:10pt;color:rgb(0,0,0)">3000</span></p></span><span style="font-size:10pt;color:rgb(31,73,125)"><br></span><span style="font-size:10pt;color:rgb(0,118,188)">t</span><span style="font-size:10pt;color:rgb(0,136,207)"> </span><span style="font-size:10pt;color:rgb(0,0,0)">1300 689 689</span><span style="font-size:10pt;color:rgb(31,73,125)"><br></span><span style="font-size:10pt;color:rgb(0,118,188)">e</span><span style="font-size:10pt;color:rgb(0,136,207)"> </span><span style="font-size:10pt;color:rgb(0,136,207)"><a href="mailto:houtan.larijani@overthewire.com.au" target="_blank">houtan.larijani@overthewire.com.au</a></span><span style="font-size:10pt;color:rgb(0,118,188)"> </span><span style="font-size:10pt;color:rgb(0,0,0)"> </span><a style="font-size:10pt;text-decoration:underline;color:rgb(0,118,188)" href="http://www.overthewire.com.au/" target="_blank">www.overthewire.com.au</a><span style="font-size:10pt;color:rgb(0,118,188)"> </span></div><br></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 17 Jul 2018 at 23:07, Goran Aleksic <<a href="mailto:goran.aleksic@gmail.com">goran.aleksic@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi all, <br></div><div><br></div><div>had a read on TPG EFM NTU size and I saw in an older post it was important which LAC you connect to etc.</div><div><br></div><div>In my case, got a customer on TPG EFM service who needed to migrate from EdgeRouter to Juniper SRX to enable some features.</div><div>However, after migration, intermittent issues started with Internet Banking and other web sites using TLS/SSL encryption.</div><div>Intermittent issues had no pattern, there was no link congestion at the time I witnessed those.</div><div>Bandwidth speed tests were giving me expected results.<br></div><div>On the other side, remote desktop access, IPSec tunnel, IP Telephony all worked well.</div><div>In the migration I observed MTU size on the old router and configured Juniper SRX accordingly.</div><div>However, got the intermittent issues to go away only after I decreased MTU / TCP-MSS from 1492 to 1440 / 1400 B.</div><div>I got a case with TPG and they insisted on isolation test, which I did with laptop, old router and new router (all 3 without specifying MTU size) and managed to ping as big as <br></div><div>1. 1272 on laptop directly plugged into NTU</div><div>2. 1412 after NTU reboot</div><div>3. 1412 from Juniper SRX after NTU reboot</div><div>4. 1412 from laptop behind
Juniper SRX after NTU reboot </div><div>5
1272
from laptop behind EdgeRouter after NTU reboot <br></div><div><br></div><div>This is all quite confusing.</div><div>On top of that TPG denies anything wrong and asks me to do isolation test again (ya, right, we got no other business but to take customers offline and do isolation tests...)</div><div><br></div><div>They don't seem to appreciate I had to troubleshoot this and find out the MTU size by trial and error, while it should be deterministic and standard, as outlined in service activation notice.<br></div><div><br></div><div>They also ignore the fact that decreased MTU impacts the link efficiency and customer's capacity to use the service in an optimal way.<br></div><div><br></div><div>I wondered if anyone can help me make sense out of this?</div><div>What arguments can I use to get TPG to
investigate
properly?</div><div><br></div><div>Many thanks!</div><div>Goran</div><div><br></div></div>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div>