Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to enable Jumbo Frame support in IDP 5.x

0

0

Article ID: KB13932 KB Last Updated: 07 Mar 2014Version: 2.0
Summary:

This article describes the support for JUMBO frames in IDP 5.x and shows how to enable JUMBO frames in IDP 5.x.

Symptoms:

Cause:

Solution:

Prior to IDP 5.0, the IDP sensor processed traffic with a frame size of 1500 bytes or less.

In IDP 5.0 and 5.1, JUMBO frames (frames with more than 1500 bytes) are supported.

IDP 5.x (5.0 and 5.1) supports JUMBO frames up to a size of 16014 bytes.


Controlling Max Frame Size

Max frame size allowed can be controlled via a CLI command, as shown below:

scio const list | grep sc_max_frame_size

If the default value of sc_max_frame_size is set to ox2336 (9014), IDP will receive packets containing a maximum of 9014 bytes.


Modifying Max Frame Size

To set max_frame_size to 12000 bytes, convert 12000 to a hex number and run the following command by passing the hex number as a parameter:

scio const set sc_max_frame_size 0x2EE0

There is no need to modify the interface MTU settings. The J-Net Driver automatically handles the processing of JUMBO frames.


Making the JUMBO Frame Setting Permanent

To make the JUMBO frame setting permanent, follow the steps below:

  1. Login to the sensor via ssh and become root user

  2. Change location to /usr/idp/device/bin.

  3. Take a backup of the user_funcs file:
    cd /usr/idp/device/bin
    cp user_funcs user_funcs_orig
  4. Edit the user_funcs file using the vi editor. In this file, search for the user_start_end function. Under this function, add the following line just before the return statement:
    $SCIO const set sc_max_frame_size 0x2EE0
  5. Save the file. The modified user_start_end function should look like this:
    user_start_end ()
    {
    # Enable spanning tree protocol
    # -----------------------------
    # This enables spanning tree protocol support in IDP when running in
    # bridge mode. If you have multiple virtual routers, you need to perform
    # this operation on all defined virtual routers.
    #
    # $SCIO const -v vr0 set sc_stp_enabled 1
    $SCIO const set sc_max_frame_size 0x2EE0

    return;
    }
  6. This function will make the flag persistent. Even after a restart or a reboot of the sensor, the max frame size value will remain 12000 bytes.


Diagnostics

  1. Currently there is no way to measure the amount of JUMBO frame traffic processed by an IDP sensor.

  2. Any JUMBO frame traffic dropped by the IDP process is shown as part of the sc_kpp_drop counter:
    scio counter get kpp | grep sc_kpp_drop
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search