By default IPv4 Path MTU is enabled. However all PMTU options can be located under [set system internet-options ....].
root@srx100# set system internet-options ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
gre-path-mtu-discovery Enable path MTU discovery for GRE tunnels
> icmpv4-rate-limit Rate-limiting parameters for ICMPv4 messages
> icmpv6-rate-limit Rate-limiting parameters for ICMPv6 messages
ipip-path-mtu-discovery Enable path MTU discovery for IP-IP tunnels
ipv6-duplicate-addr-detection-transmits IPv6 Duplicate address detection transmits
ipv6-path-mtu-discovery Enable IPv6 Path MTU discovery
ipv6-path-mtu-discovery-timeout IPv6 Path MTU Discovery timeout (5..71582788 minutes)
ipv6-reject-zero-hop-limit Enable dropping IPv6 packets with zero hop-limit
no-gre-path-mtu-discovery Don't enable path MTU discovery for GRE tunnels
no-ipip-path-mtu-discovery Don't enable path MTU discovery for IP-IP tunnels
no-ipv6-path-mtu-discovery Don't enable IPv6 Path MTU discovery
no-ipv6-reject-zero-hop-limit Don't enable dropping IPv6 packets with zero hop-limit
no-path-mtu-discovery Don't enable Path MTU discovery on TCP connections
no-source-quench Don't react to incoming ICMP Source Quench messages
no-tcp-reset Do not send RST TCP packet for packets sent to non-listening ports
no-tcp-rfc1323 Disable RFC 1323 TCP extensions
no-tcp-rfc1323-paws Disable RFC 1323 Protection Against Wrapped Sequence Number extension
path-mtu-discovery Enable Path MTU discovery on TCP connections
> source-port Source port selection parameters
source-quench React to incoming ICMP Source Quench messages
tcp-drop-synfin-set Drop TCP packets that have both SYN and FIN flags
[edit]
To confirm your default settings for PMTU use the following command :
root@srx100> request pfe execute command "show usp flow config" target fwdd
SENT: Ukern command: show usp flow config
GOT:
GOT: Current FLOW configuration:
GOT: ===========================
GOT:
GOT: Flow main Parameters::
GOT: allow-dns-reply: disabled (default),
GOT: Route-change-timeout: 0 (default disabled),
GOT: Pending-sess-queue-length: 5 (default),
GOT: Syn-flood-protection tcp-syn-cookie (default),
GOT: no-inter-node-forwarding: disabled (default),
GOT: Aging Parameters::
GOT: early-ageout: 20 (default),
GOT: low-watermark: 100 (default),
GOT: high-watermark: 100 (default),
GOT: TCP MSS Parameters::
GOT: all-tcp-mss: 1450,
GOT: ipsec-vpn-tcp-mss: disabled (default),
GOT: gre-in-tcp-mss: disabled (default),
GOT: gre-out-tcp-mss: disabled (default),
GOT: TCP Session Parameters::
GOT: rst-invalid-session: disabled (default)
GOT: rst-check-sequence: disabled (default)
GOT: syn-check: enabled (default)
GOT: syn-check-in-tunnel: enabled (default)
GOT: sequence-check: enabled (default)
GOT: strict-syn-check: disabled (default)
GOT: tcp-initial-timeout: 20 (default)
GOT: time-wait-state-session-timeout: 150 (default)
GOT: trace flags: 0x0
Blogger Comment
Facebook Comment