1 / 16

Jumbo Frames and Packets @ DU

Discover how DU achieved campus WAN and firewall redundancy with MPLS, enabling Jumbo MTU support across switches for efficient packet handling.

woolard
Download Presentation

Jumbo Frames and Packets @ DU

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Jumbo Frames and Packets @ DU Winter WestNet Meeting Arizona State University, Tempe, AZ Jan 14, & 15 2014 Chad Burnham University of Denver cburnham@du.edu

  2. What drove us to this? • Redundant campus border router combined with “splitting” of campus firewalls – summer 2014 • Implemented MPLS (VPLS-PE) on CAT6K SUP2T to achieve this goal of campus WAN and firewall redundancy across 2 x data centers, and 2 x routed cores • Inside and Outside firewall networks are required to show up in two core routing domains • Enabling MPLS feature on campus 10G Backbone Links introduced up to 40 bytes to the IP header, causing fragmentation. • DF bit is set to = 1 (Do Not Fragment). • This in turn, caused high CPU on our two core routers; as fragmented packets require inspection. • Learned that certain Applications can set this bit=1 • (even when they do not need it set!)

  3. Cisco IOS command to see if packet fragmentation is occurring: CS-UTS-0#sho ip traffic IP statistics: Rcvd: 187384681 total, 139921126 local destination 5 format errors, 2 checksum errors, 30439145 bad hop count 6 unknown protocol, 0 not a gateway 0 security failures, 0 bad options, 25133729 with options Opts: 0 end, 0 nop, 0 basic security, 0 loose source route 0 timestamp, 0 extended security, 0 record route 0 stream ID, 0 strict source route, 25133729 alert, 0 cipso, 0 ump 0 other Frags: 12333 reassembled, 316 timeouts, 0 couldn't reassemble 5792 fragmented, 40450 couldn't fragment Bcast: 46690358 received, 1954311 sent Mcast: 34955176 received, 55841630 sent Sent: 113320632 generated, 4097459325 forwarded Drop: 1204 encapsulation failed, 0 unresolved, 0 no adjacency 0 no route, 243678 unicast RPF, 0 forced drop, 0 unsupported-addr 0 options denied, 0 source IP address zero

  4. Jumbo MTU Frame Support: It’s all About the Switching “Platform”… • Cisco Catalyst 6509/6513 • Depends on both Supervisor Model and Line Card Model(s) • Allows for individual ports (and L2 Port Channels!) to be enabled/disabled • Cisco Catalyst 4506-E • Depends on both Supervisor Model and Line Card Model(s) • Allows for individual ports (and L2 Port Channels!) to be enabled/disabled • Cisco Catalyst 4500X-32 SFP+ • Cisco Catalyst 3560-24PS / 48PS • Cisco Catalyst 3560G-24TS / 48TS • Cisco Catalyst Blade Switch 3020 for HP • Cisco IE 3000-4TC Industrial • Cisco Catalyst 2960-8TC / 24PC-L (100 Mbit) • Jumbo not an option for 100 mbit ports • Cisco Catalyst 2960G-8TC / 24TC / 48TC • Cisco Catalyst 2960S 24 / 48

  5. Jumbo MTU Packet Support: It’s all About the Switching “Platform”… • Cisco Catalyst 6509/6513: • DU has L3 SVI (Switched Virtual Interfaces; aka L3 routed VLANS) • Standardized on MTU = 9216 • DU has both “Backbone” and some Point-to-Point “Routed” • Links / Ports • Standardized on MTU = 9216 • Both types of IOS Interfaces support Jumbo Packets, however is a function of underlying module/line card hardware as to what is and is not supported per physical port. • Centralized Forwarding Card (CFC) • vs. • Distributed Forwarding Card (DFC)

  6. Jumbo Packets (& Frames) in the WAN • Configured FrameL2 MTU = 9216 on physical 10G ports facing CenturyLink provided 10G WAVE service <-> FRGP. • CenturyLink ROADM (WAVE) gear allows for this large size • Configured PacketL3 MTU =9000 on FRGP Routers <-> DU Campus Cisco ASR 1006 Border Routers • R&E networks only. • FireEye NX-10000 Appliance • Unit currently does not support – preventing Jumbo to be enabled WAN <-> Campus LAN… • Can Pass, but not inspect…. •  • Call into Brent Byrnes for Status….

  7. Useful IOS MTU commands • CAT6K/SUP2T • sho interface mtu • sho vlan mtu • (TooBig) Output -  • Any MTU Mismatches to think about? • Most Cisco Catalyst models: • sho system mtu • sho interface mtu • system mtu jumbo <1500-9000> Jumbo MTU size in bytes • Changes to the system jumbo MTU will not take effect until the next reload is done • All or nothing (not able to set per port)

  8. Jumbo Packets & Frames in the Data Center • DU Data Center design is 2 x 6513-E Chassis / SUP2T • All Data Center L3 SVIs are not enabled at this time….soon. • Only Uplink ports to Core Routers, and ports between 2 x chassis (L2 Port Channel) – to prepare for VPLS-PE configs (soon). • Current plan is to enable SVIs first, then one physical port at a time for L2 Jumbo Frame support. • Work hand in hand with System Administrators, DBAs, Etc.. • Research findings are from a Purdue authored paper show that it is advantageous overall to enable Jumbo in the Data Center * • Backups….DU using 1G x 4 Etherchannel to Server Heads, do not anticipate much gain due to etherchannel algorithm. Need to move to 10G links to see a gain?

  9. Aruba Wireless Environment • ArubaOSsupports jumbo frames between 11ac WAPsand 7200 Series controllers only. • This release (6.4.2.1) of ArubaOS does not support the jumbo frames for the following scenarios: • IPsec, IPIP, and xSec. • IPv6 fragmentation/reassembly • You can enable the jumbo frame support in the following scenarios: • Tunnel node: In a tunneled node deployment, the wired clients connected on the tunneled nodes can send and receive the jumbo frames. • L2/L3 GRE tunnels: When you establish a GRE tunnel between two controllers, the clients on one controller can send and receive jumbo frames from the clients on the other controller on enabling jumbo frames. • Between wired clients: In a network where clients connect to the controller with jumbo frames enabled ports can send and receive the jumbo frames. • Wi-Fi tunnel: A Wi-Fi tunnel can support an AMSDU jumbo frame for an AP (The maximum MTU supported is up to 9216 bytes).

  10. Aruba Wireless Environment – Con’t • DU has not enabled this feature at this time • Need to test in Lab more…

  11. Testing:Win 7 Screenshot for a failed attempt (PC attached to a switch that is not jumbo enabled) • Microsoft Windows [Version 6.1.7601] • C:\Users\chad.burnham>ping -f -l 9000 130.253.15.254 • Pinging 130.253.15.254 with 9000 bytes of data: • Packet needs to be fragmented but DF set. • Packet needs to be fragmented but DF set. • Packet needs to be fragmented but DF set. • Packet needs to be fragmented but DF set. • Ping statistics for 130.253.15.254: • Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

  12. Testing: Cisco SVI IOS Example • switch#show run int vlan 99               Building configuration… • Current configuration : 190 bytes!interface Vlan99 description backupmtu 9000 ip address 10.10.9.1 255.255.255.0 ip broadcast-address 10.10.9.255end • switch#pingip 10.10.9.19 size 9000 df-bit • Type escape sequence to abort.Sending 5, 9000-byte ICMP Echos to 10.10.9.19, timeout is 2 seconds:Packet sent with the DF bit set!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 msswitch#

  13. Useful Resources • http://www.ccierants.com/2012/11/jumbo-frames-gotchas-you-need-to-know.html • http://docs.lib.purdue.edu/cgi/viewcontent.cgi?article=2770&context=cstech • http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/24048-148.html • http://www.mylesgray.com/hardware/test-jumbo-frames-working/ • http://www.maximumpc.com/article/howtos/how_enable_jumbo_frames • http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/Network_Parameters/Jumbo_Frame_Support.htm • http://www.bitplumber.net/2009/03/how-to-configure-jumbo-frames/

  14. Questions?

More Related