Wireless Access

last person joined: 2 minutes ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Tunneled Node Reserved-VLAN and MTU

  • 1.  Tunneled Node Reserved-VLAN and MTU

    Posted Dec 09, 2019 05:51 PM

    I need some help understanding some things about per-user tunneled node.

     

    In the documentation, i can see that it is required that the user vlan is not tagged (or untagged) in the uplink. But since i have activated the "reserved-vlan" feature, it seems that all traffic from any user will be tunneled using the reserved-vlan, and the final vlan will be set in the final role in the controller. In that case, can i keep the users' final VLAN in the switch's uplink? I have tested it and it works. But is there any downside?

     

    The other question i have is about MTU/Jumbo Frame on the VLANs. Do i need to set the jumbo frame mtu in the reserved-vlan? in the final user's VLAN? or in the switch's uplink vlan (the one it has an ip address)?

    When i set it in the user's vlan, or the reserved-vlan nothing changes(user vlan/reserved-vlan is not trunked throughout the network). But when i set the mtu in the uplink vlan, and throughout the network, i can see in the "show tunneled-node-mgr user-tunnel-table" that the mtu is using jumbo frames:

    ---------------------------------------------------------------------------------------------

     

    #show tunneled-node-mgr user-tunnel-table
    
    Tunnel Info Table Entries
    ----------------------------------
    
    u - Untagged VLAN
    
    Tunnel Id Tunneled Node BCMC TO UCast Key MTU Curr Users VLANs
    --------- ------------- ------------- ---- ---- ---------- -----
    tunnel 37 192.168.83.239 1 3 1566 1 1050,4000
    tunnel 48 192.168.83.239 1 1 1566 1 1050,4000
    tunnel 12 192.168.83.239 1 7 1566 1 1050,4000
    tunnel 13 192.168.83.239 1 6 1566 1 1050,4000

    ---------------------------------------------------------------------------------------------

     

    Is this the right configuration?

     

    I have followed the documentation on ASE to set the jumbo frame parameters:

     

    jumbo max-frame-size 1584
    jumbo ip-mtu 1566

    Thank you all for the time taken to clarify these things!

     

    Best regards,

     

    Victor Rizzo

     



  • 2.  RE: Tunneled Node Reserved-VLAN and MTU

    Posted Dec 10, 2019 05:36 AM

    Hi, you only need to enable jumbo on the VLAN/VLANs used for communication between the switch and the controller. You don´t need to enable jumbo on the reserved VLAN or the user VLAN. Test that everything is working correctly by doing a ping plugged into the switch as a user with the don´t fragment bit set, on Windows, ping -f -l 1472 8.8.8.8.



  • 3.  RE: Tunneled Node Reserved-VLAN and MTU

    Posted Dec 10, 2019 10:59 AM

    Hi,

     

    I have tried enabling jumbo frames in the whole path between the switch and the controller, and the connection in the tunnel seems to be using that mtu (1566).

    But i'm not able to ping 8.8.8.8 with the dont fragment bit set and with the size of 1472. And when i enable the jumbo frame, some websites become unreachable. I have tried raising the ip mtu to 1584 and 1602 but the scenario is the same.

     

    I'm starting to think that i'm better off with leaving mtu at 1500.

     

    I'm trying to configure this because when i applied tunneling to 2 complete swicthes (96 ports), we started to have some serious packet loss, and both the switch and the controller seemed to be fine. Then i checked the documentation and saw about the mtu.

     

    Anything else i could try?

     

    Thanks for the time

     

    Best regards,

     

    Victor Rizzo



  • 4.  RE: Tunneled Node Reserved-VLAN and MTU

    Posted Dec 10, 2019 02:58 PM

    Hi, it sounds like a problem with MTU somewhere on the patch between the switch and the controller. Here is an example config, I use VLAN 14 which is the source IP address for user based tunneling and I only enable jumbo on that VLAN. Can you share your UBT config? How  many switches are on the path between the access switch and the controller?

     

    jumbo ip-mtu 1566
    jumbo max-frame-size 1584

    tunneled-node-server
       controller-ip 10.10.10.1
       backup-controller-ip 10.10.10.2
       mode role-based reserved-vlan 4000
       exit

    vlan 14
       name "UBT-VLAN"
       tagged Trk1
       ip address 10.22.14.10 255.255.255.0
       jumbo
    exit

    vlan 4000
       name "TUNNELED_NODE_SERVER_RESERVED"
       no ip address
       exit

    ip source-interface tunneled-node-server vlan 14

     



  • 5.  RE: Tunneled Node Reserved-VLAN and MTU

    Posted Dec 10, 2019 03:45 PM

    Here's the config:

     

    jumbo ip-mtu 1566
    jumbo max-frame-size 1584
    tunneled-node-server
       controller-ip 192.168.83.251
       backup-controller-ip 192.168.83.252
       mode role-based reserved-vlan 4000
       exit
    
    vlan 2
       name "GERENCIA-SRV-SW"
       untagged 1/32
       tagged 1/48
       ip address 192.168.83.239 255.255.254.0
       jumbo
       exit
    
    vlan 4000
       name "TUNNELED_NODE_SERVER_RESERVED"
       no ip address
       exit

    I have even used the same VLAN ID for the reserved-vlan. But the only thing different is that i haven't used the "ip source-interface tunneled-node-server vlan" command, since my switch only has one IP interface.

    I have 2 switches on the path between this switch and the controller. Jumbo frames are set on the entire path with the same values, and the controller is recieving the frames as jumbo size.

    Do you think that it is necessary to enable jumbo frames on the controller, like APs or is it comes enabled by default for tunneled node?

    Thank you!

     

    Victor Rizzo

     



  • 6.  RE: Tunneled Node Reserved-VLAN and MTU

    Posted Dec 11, 2019 05:42 AM

    You should enable jumbo on the controller interfaces as well. Default is disabled.



  • 7.  RE: Tunneled Node Reserved-VLAN and MTU

    Posted Dec 11, 2019 06:08 PM

    Hi Herman!

     

    I've tried that, but to enable it on the controller interface i need to enable jumbo frames globally on the controller and then mark the interface as jumbo. I did that, but the lowest jumbo mtu it is allowed to set on the controller is 1700.

    I left it at the default 9126 and changed the whole path to that mtu. It did not change anything. I've also tested it with jumbo enabled on the controller but with the switch mtu as 1584. Stayed the same.

     

    Overall it seems like it doesnt matter if it is enabled on the controller or not, and doesn't matter the mtu size. By using the same mtu on the whole path, the tunnel uses that mtu set.

     

    But still, it continues fragmenting the packets when i try to ping with the size of 1472.

     

    Any other ideas of configurations i could make? By the way, thank you for the time taken to help me guys.

     

    Victor Rizzo



  • 8.  RE: Tunneled Node Reserved-VLAN and MTU

    Posted Dec 12, 2019 04:48 AM

    In order to solve such MTU issues, I think it is critical to find out what are all the components in the path and where exactly is the fragmentation happening. Once you know where and why the framentation is happening it probably is trivial to solve the issue.

     

    BTW, I typically set the jumbo mtu sizes to the default/max/9000 under the assumption that it allows the largest packets without fragmenting at all.



  • 9.  RE: Tunneled Node Reserved-VLAN and MTU

    Posted Mar 04, 2020 05:44 AM

    How do you set the MTU for the VLAN that has the Controller IP that the switch will connect to?

    I can only set it to 1500.