[ScreenOS] Jumbo frame support on ScreenOS firewalls

Article ID: KB12843 KB Last Updated: 21 Dec 2020 Version: 7.0
Summary:

This article lists the ScreenOS platforms that support jumbo frames, and describes what happens when you enable jumbo frame support.

 

Solution:

Jumbo frame support is available in ScreenOS 6.0.0 and later. Jumbo frames are supported on the ISG-1000 and ISG-2000 devices without IDP. Jumbo frames are also supported on the NS-5000 series running MGT2 and SPM2 cards and the NS-5000 series running MGT3 and SPM3 cards.

Limitation: DI and IDP are not supported in jumbo frame mode.

Enabling Jumbo Frame Mode: To enable jumbo frame mode, use the following command:

set envar max-frame-size=<size>

Set size to any value from 1514 through 9830, inclusive. For example, to set the size to 7500, enter: set envar max-frame-size=7500. Note that there are no spaces before or after the equal sign (=).

Important:  When you enable jumbo frames and restart the security device, only interfaces on the 4-port SFP IO card and the management Ethernet interface become active. This scenario is shown in the example below.

Showing Max Frame Size Setting: To show the max-frame-size setting, use the following command:

get envar

Disabling Jumbo Frame Mode: To disable jumbo frame support and return the device to the normal maximum frame size (1514 bytes), use the following command:

unset envar max-frame-size

Example

Important:  Use caution when enabling jumbo frame support on a production setup:

  • After you enable jumbo frame support and reboot, the interfaces that do not support jumbo frames are not available for any configuration. However, the old configuration is still available in flash.

  • The configuration loaded in memory after the reboot does not contain those interfaces or any configuration associated with them. If you save this configuration, the configuration in memory overwrites the one in flash.

Before setting the envar

nsisg1000-> get envar
default_image=screenos_image
run_image=default (screenos_image)
loader_version=1.0.3
last_reset=2013-12-19 01:06:43 by netscreen
sme=
patch=init
.hash-seg=7 (1327135036)
nsisg1000->

nsisg1000-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD Vsys
mgt 10.204.8.37/24 MGT 0010.dbb8.a6c0 - U - Root
eth1/1 1.1.1.1/24 Trust 0010.dbb8.a6c7 - D - Root  <<<<<<<< eth1/1 is configured with IP
eth1/2 0.0.0.0/0 Null 0010.dbb8.a6c8 - D - Root
eth1/3 0.0.0.0/0 Null 0010.dbb8.a6c9 - D - Root
eth1/4 0.0.0.0/0 Null 0010.dbb8.a6ca - D - Root
eth2/1 0.0.0.0/0 Null 0010.dbb8.a6d5 - D - Root
eth2/2 0.0.0.0/0 Null 0010.dbb8.a6d6 - D - Root
eth2/3 0.0.0.0/0 Null 0010.dbb8.a6d7 - U - Root
eth2/4 0.0.0.0/0 Null 0010.dbb8.a6d8 - U - Root
eth2/5 0.0.0.0/0 Null 0010.dbb8.a6d9 - U - Root
eth2/6 0.0.0.0/0 Null 0010.dbb8.a6da - D - Root
eth2/7 0.0.0.0/0 Null 0010.dbb8.a6db - D - Root
eth2/8 0.0.0.0/0 Null 0010.dbb8.a6dc - D - Root
eth3/1 0.0.0.0/0 Null 0010.dbb8.a6dd - D - Root
eth3/2 0.0.0.0/0 Null 0010.dbb8.a6de - D - Root
loopback.1 21.21.21.1/24 Untrust N/A - U - Root
loopback.4 31.31.31.1/24 Trust N/A - U - Root
vlan1 0.0.0.0/0 VLAN 0010.dbb8.a6cf 1 D - Root
null 0.0.0.0/0 Null N/A - U - Root 

nsisg1000-> set envar max-frame-size=9000
The system must be reboot for new setting to take effect!
nsisg1000->
nsisg1000-> reset
System reset, are you sure? y/[n] y
In reset ...

While rebooting

Unsupported command - set interface "ethernet1/1" zone "Trust"
.....
Unsupported command - set interface ethernet1/1 ip 1.1.1.1/24
.
Unsupported command - set interface ethernet1/1 nat
.......
Unsupported command - set interface ethernet1/1 ip manageable

After rebooting

nsisg1000-> get envar
default_image=screenos_image
run_image=default (screenos_image)
loader_version=1.0.3
last_reset=2013-12-19 22:28:50 by netscreen
sme=
patch=init
.hash-seg=7 (1327135036)
max-frame-size=9000          <<<<<< Jumbo frame enabled
nsisg1000->

Interface eth1/1 and its IP address are not shown below:

nsisg1000-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD Vsys
mgt 10.204.8.37/24 MGT 0010.dbb8.a6c0 - U - Root
loopback.1 21.21.21.1/24 Untrust N/A - U - Root
loopback.4 31.31.31.1/24 Trust N/A - U - Root
vlan1 0.0.0.0/0 VLAN 0010.dbb8.a6cf 1 D - Root
null 0.0.0.0/0 Null N/A - U - Root
nsisg1000->
nsisg1000->
nsisg1000-> save             <<<< Save will save the configuration in memory; that is, without eth1/1
Save System Configuration ...
Done
nsisg1000->
nsisg1000->
nsisg1000-> unset envar max-frame-size=9000
The system must be reboot for new setting to take effect!
nsisg1000->
nsisg1000->
nsisg1000-> reset
System reset, are you sure? y/[n] y
In reset ...

After removing Jumbo frame and rebooting

nsisg1000-> get envar
default_image=screenos_image
run_image=default (screenos_image)
loader_version=1.0.3
last_reset=2013-12-19 22:33:20 by netscreen
sme=
patch=init
.hash-seg=7 (1079658583)
nsisg1000->
nsisg1000->
nsisg1000-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD Vsys
mgt 10.204.8.37/24 MGT 0010.dbb8.a6c0 - U - Root
eth1/1 0.0.0.0/0 Null 0010.dbb8.a6c7 - D - Root     <<< eth1/1 lost the earlier configuration
eth1/2 0.0.0.0/0 Null 0010.dbb8.a6c8 - D - Root
eth1/3 0.0.0.0/0 Null 0010.dbb8.a6c9 - D - Root
eth1/4 0.0.0.0/0 Null 0010.dbb8.a6ca - D - Root
eth2/1 0.0.0.0/0 Null 0010.dbb8.a6d5 - D - Root
eth2/2 0.0.0.0/0 Null 0010.dbb8.a6d6 - D - Root
eth2/3 0.0.0.0/0 Null 0010.dbb8.a6d7 - U - Root
eth2/4 0.0.0.0/0 Null 0010.dbb8.a6d8 - U - Root
eth2/5 0.0.0.0/0 Null 0010.dbb8.a6d9 - U - Root
eth2/6 0.0.0.0/0 Null 0010.dbb8.a6da - D - Root
eth2/7 0.0.0.0/0 Null 0010.dbb8.a6db - D - Root
eth2/8 0.0.0.0/0 Null 0010.dbb8.a6dc - D - Root
eth3/1 0.0.0.0/0 Null 0010.dbb8.a6dd - D - Root
eth3/2 0.0.0.0/0 Null 0010.dbb8.a6de - D - Root
loopback.1 21.21.21.1/24 Untrust N/A - U - Root
loopback.4 31.31.31.1/24 Trust N/A - U - Root
vlan1 0.0.0.0/0 VLAN 0010.dbb8.a6cf 1 D - Root
null 0.0.0.0/0 Null N/A - U - Root
nsisg1000->
nsisg1000-> 
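The following check is an added example, not part of the Juniper article: it compares `get int` output captured before the change with output captured after the reboot and reports configured interfaces that are missing or reset, which is the condition under which `save` would overwrite the good configuration in flash. The function names are hypothetical, and the sample rows are excerpted from the output shown above.

```python
def parse_get_int(text):
    """Parse ScreenOS 'get int' output into {interface: (ip, zone)}."""
    interfaces = {}
    for line in text.splitlines():
        # Drop article-style annotations such as '<<<< eth1/1 is configured'.
        fields = line.split("<<<")[0].split()
        # Data rows: Name, IP/prefix, Zone, MAC, VLAN, State, VSD, Vsys.
        if len(fields) >= 8 and fields[1][0].isdigit() and "/" in fields[1]:
            interfaces[fields[0]] = (fields[1], fields[2])
    return interfaces


def lost_configuration(before, after):
    """Interfaces that had an IP or zone before and are missing or reset after."""
    lost = {}
    for name, (ip, zone) in before.items():
        configured = ip != "0.0.0.0/0" or zone != "Null"
        if configured and after.get(name) != (ip, zone):
            lost[name] = (ip, zone)
    return lost


def safe_to_save(before_text, after_text):
    """True only if no configured interface disappeared or was reset."""
    return not lost_configuration(parse_get_int(before_text),
                                  parse_get_int(after_text))


# Rows excerpted from the 'get int' output shown in the article.
BEFORE = """\
mgt 10.204.8.37/24 MGT 0010.dbb8.a6c0 - U - Root
eth1/1 1.1.1.1/24 Trust 0010.dbb8.a6c7 - D - Root  <<<<<<<< eth1/1 is configured with IP
eth1/2 0.0.0.0/0 Null 0010.dbb8.a6c8 - D - Root
loopback.1 21.21.21.1/24 Untrust N/A - U - Root
vlan1 0.0.0.0/0 VLAN 0010.dbb8.a6cf 1 D - Root
null 0.0.0.0/0 Null N/A - U - Root
"""
AFTER_JUMBO = """\
mgt 10.204.8.37/24 MGT 0010.dbb8.a6c0 - U - Root
loopback.1 21.21.21.1/24 Untrust N/A - U - Root
vlan1 0.0.0.0/0 VLAN 0010.dbb8.a6cf 1 D - Root
null 0.0.0.0/0 Null N/A - U - Root
"""

if __name__ == "__main__":
    lost = lost_configuration(parse_get_int(BEFORE), parse_get_int(AFTER_JUMBO))
    for name, (ip, zone) in lost.items():
        print(f"do not save: {name} ({ip}, zone {zone}) is missing or reset")
```

Run it against the full captured outputs before issuing `save` on a device that has just rebooted into jumbo frame mode.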

 

Modification History:

2020-12-21: Article reviewed for accuracy, article correct and complete

 
