ArubaOS AP MTU Support

By vikrams@aruba Unpublished


Question  :       How does the Aruba AP do a MTU discovery mechanism


Answer      :  

Usually Aruba APs use an MTU discovery mechanism to set an appropriate MTU for the GRE tunnel used for each BSSID. The AP sends the GRE packet of size 1578 with the do not fragment (DF) bit set. If the controller receives the packet, it returns the packet to the AP. Upon receipt, the AP sends a message to the controller that the GRE tunnel MTU is now 1578. The controller applies the MTU of 1578 to the tunnel.
The AP MTU discovery mechanism only tries a packet size of 1578 with the DF bit set. If the MTU discovery fails, that is, the packet is either not received by the controller or the return packet not received by the AP, the MTU of the tunnel is 1500. If the MTU discovery is successful, then the MTU is 1578.
Basically the Aruba AP will check for the SAP MTU Value configured in the system profile. Based on the configured value, the AP will send out the packet to the uplink. If the uplink switch(i.e the interface where the AP got connected is set to 1500 or more than this value) then the switch will forward the packet to his uplink or next hop without any fragmentation. If the MTU value configured on the switch interface is less than the AP's MTU value, then the switch will fragment the packet and pass the traffic.
Some switches will combine all the packet and send it as giant MTU packet, say for example if the switch is configured with MTU of 8000 and the switch is getting the packet from the AP or client with MTU of 1500. Then the switch will collect all the 1500 MTU packet and combine it to reach the MTU of 8000 and forward the data. This is to reduce the buffer and process overhead in the switch(For all the combined packet the switch will user single header and footer). So in this situation we will have the problem for the AP's to come up in the controller.



Related Links :



1 comment


Apr 03, 2018 04:16 AM

What happens with IPSec traffic in the case of control-plane security being enabled?