I need some help understanding some things about per-user tunneled node.
In the documentation, I can see that it is required that the user vlan is not tagged (or untagged) in the uplink. But since I have activated the "reserved-vlan" feature, it seems that all traffic from any user will be tunneled using the reserved-vlan, and the final vlan will be set in the final role in the controller. In that case, can I keep the users' final VLAN in the switch's uplink? I have tested it and it works. But is there any downside?
The other question I have is about MTU/Jumbo Frame on the VLANs. Do I need to set the jumbo frame mtu in the reserved-vlan? In the final user's VLAN? Or in the switch's uplink vlan (the one that has an IP address)?
When I set it in the user's vlan or the reserved-vlan, nothing changes (the user vlan/reserved-vlan is not trunked throughout the network). But when I set the mtu in the uplink vlan, and throughout the network, I can see in the "show tunneled-node-mgr user-tunnel-table" that the mtu is using jumbo frames:
#show tunneled-node-mgr user-tunnel-table
Tunnel Info Table Entries
u - Untagged VLAN
Tunnel Id Tunneled Node BCMC TO UCast Key MTU Curr Users VLANs
--------- ------------- ------------- ---- ---- ---------- -----
tunnel 37 192.168.83.239 1 3 1566 1 1050,4000
tunnel 48 192.168.83.239 1 1 1566 1 1050,4000
tunnel 12 192.168.83.239 1 7 1566 1 1050,4000
tunnel 13 192.168.83.239 1 6 1566 1 1050,4000
Is this the right configuration?
I have followed the documentation on ASE to set the jumbo frame parameters:
jumbo max-frame-size 1584
jumbo ip-mtu 1566
Thank you all for the time taken to clarify these things!
Hi, you only need to enable jumbo on the VLAN/VLANs used for communication between the switch and the controller. You don't need to enable jumbo on the reserved VLAN or the user VLAN. Test that everything is working correctly by doing a ping plugged into the switch as a user with the don't fragment bit set, on Windows, ping -f -l 1472 22.214.171.124.
I have tried enabling jumbo frames in the whole path between the switch and the controller, and the connection in the tunnel seems to be using that mtu (1566).
But I'm not able to ping 126.96.36.199 with the don't fragment bit set and with the size of 1472. And when I enable the jumbo frame, some websites become unreachable. I have tried raising the ip mtu to 1584 and 1602 but the scenario is the same.
I'm starting to think that I'm better off with leaving mtu at 1500.
I'm trying to configure this because when I applied tunneling to 2 complete switches (96 ports), we started to have some serious packet loss, and both the switch and the controller seemed to be fine. Then I checked the documentation and saw about the mtu.
Anything else I could try?
Thanks for the time
Hi, it sounds like a problem with MTU somewhere on the path between the switch and the controller. Here is an example config. I use VLAN 14, which is the source IP address for user based tunneling, and I only enable jumbo on that VLAN. Can you share your UBT config? How many switches are on the path between the access switch and the controller?
jumbo ip-mtu 1566
jumbo max-frame-size 1584
tunneled-node-server
   controller-ip 10.10.10.1
   backup-controller-ip 10.10.10.2
   mode role-based reserved-vlan 4000
   exit
vlan 14
   name "UBT-VLAN"
   tagged Trk1
   ip address 10.22.14.10 255.255.255.0
   jumbo
   exit
vlan 4000
   name "TUNNELED_NODE_SERVER_RESERVED"
   no ip address
   exit
ip source-interface tunneled-node-server vlan 14
Here's the config:
jumbo ip-mtu 1566
jumbo max-frame-size 1584
mode role-based reserved-vlan 4000
ip address 192.168.83.239 255.255.254.0
no ip address
I have even used the same VLAN ID for the reserved-vlan. But the only thing different is that I haven't used the "ip source-interface tunneled-node-server vlan" command, since my switch only has one IP interface.
I have 2 switches on the path between this switch and the controller. Jumbo frames are set on the entire path with the same values, and the controller is receiving the frames as jumbo size.
Do you think that it is necessary to enable jumbo frames on the controller, like APs, or does it come enabled by default for tunneled node?
You should enable jumbo on the controller interfaces as well. Default is disabled.
I've tried that, but to enable it on the controller interface I need to enable jumbo frames globally on the controller and then mark the interface as jumbo. I did that, but the lowest jumbo mtu it is allowed to set on the controller is 1700.
I left it at the default 9126 and changed the whole path to that mtu. It did not change anything. I've also tested it with jumbo enabled on the controller but with the switch mtu as 1584. Stayed the same.
Overall it seems like it doesn't matter if it is enabled on the controller or not, and the mtu size doesn't matter. By using the same mtu on the whole path, the tunnel uses that mtu set.
But still, it continues fragmenting the packets when I try to ping with the size of 1472.
Any other ideas of configurations I could make? By the way, thank you for the time taken to help me guys.
In order to solve such MTU issues, I think it is critical to find out what are all the components in the path and where exactly is the fragmentation happening. Once you know where and why the fragmentation is happening it probably is trivial to solve the issue.
BTW, I typically set the jumbo mtu sizes to the default/max/9000 under the assumption that it allows the largest packets without fragmenting at all.
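An added example, not part of the original thread: one way to locate the hop where fragmentation starts is to binary-search the largest don't-fragment ping that each hop on the switch-to-controller path answers, then report the first hop that cannot carry the tunnel's 1566-byte ip-mtu. It assumes a Linux host with iputils ping attached to the switch-to-controller VLAN (tunneled user traffic cannot see the intermediate hops); the function names and the 192.0.2.x sample path are hypothetical.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header

def ping_df(host, payload, timeout_s=2):
    """One echo request with DF set (Linux iputils ping); True if answered."""
    cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
           "-W", str(timeout_s), host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def path_mtu(probe, host, hi=9000):
    """Binary-search the largest IP packet size that reaches host with DF set."""
    lo = 0
    if not probe(host, lo):
        return None  # host does not answer ping at all
    hi -= IP_ICMP_OVERHEAD  # search over ICMP payload sizes
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(host, mid):
            lo = mid
        else:
            hi = mid - 1
    return lo + IP_ICMP_OVERHEAD

def first_bottleneck(probe, hops, required_mtu):
    """Return (hop, mtu) for the first hop whose path MTU is below required_mtu."""
    for hop in hops:
        mtu = path_mtu(probe, hop)
        if mtu is None or mtu < required_mtu:
            return hop, mtu
    return None

# Constructed sample path (hypothetical addresses): MTU of the link leading to each hop.
SAMPLE_LINKS = [("192.0.2.1", 9000), ("192.0.2.2", 1500), ("192.0.2.3", 9000)]

def simulated_probe(host, payload):
    """Offline stand-in for ping_df: succeeds if every link up to host fits the packet."""
    limit = None
    for hop, link_mtu in SAMPLE_LINKS:
        limit = link_mtu if limit is None else min(limit, link_mtu)
        if hop == host:
            return payload + IP_ICMP_OVERHEAD <= limit
    return False

if __name__ == "__main__":
    hops = [h for h, _ in SAMPLE_LINKS]
    # 1566 is the jumbo ip-mtu from the thread; swap in ping_df on a real network.
    print(first_bottleneck(simulated_probe, hops, required_mtu=1566))
```

A payload of 1472 bytes plus the 28 bytes of headers is exactly a 1500-byte IP packet, which is why that size is the usual test for a standard-MTU path.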
How do you set the MTU for the VLAN that has the Controller IP that the switch will connect to?
I can only set it to 1500.