Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

Max Frame Size and IP-MTU in AOS/AOS-CX with a MacSec interface in use over a ISP/L2tunnel

This thread has been viewed 12 times
  • 1.  Max Frame Size and IP-MTU in AOS/AOS-CX with a MacSec interface in use over a ISP/L2tunnel

    Posted Jul 24, 2022 06:44 AM

    ISP/mpls networks, MTU limitation vs. AOS/CX and MACSec

    Based on the ISP requirement/limitation they can only handle a Max Frame Size: 9192;    

    Inside the mpls network.

    sh jumbos (AOS)

    Configured :  Max Frame Size :  9216      IP-MTU :  9198

    In Use     :      Max Frame Size :  9216      IP-MTU :  9198

     

    The CX states on a Physical interface:

    SW(config-if)# mtu

    • BYTES The MTU value in bytes in the range <46-9198> (Default: 1500)

    The CX states on a SVI:

    SW(config-if-vlan)# ip mtu

    • <68-9198> The IP payload MTU value in bytes (Default: 1500)

     

     What should the Max Frame Size/IP-MTU be set to on the SVI and or Physical,

    for all MacSec frames to be traversed, understanding there is an overhead for the MacSec.



  • 2.  RE: Max Frame Size and IP-MTU in AOS/AOS-CX with a MacSec interface in use over a ISP/L2tunnel
    Best Answer

    Posted Jul 25, 2022 01:52 AM
    MacSec adds a 32byte overhead to the packets. Based on the mpls network MTU limitation , MTU size can be set in AOS-CX switches i.e 9192-32

    ------------------------------
    Shobana
    Aruba
    ------------------------------



  • 3.  RE: Max Frame Size and IP-MTU in AOS/AOS-CX with a MacSec interface in use over a ISP/L2tunnel

    Posted Jul 25, 2022 01:59 AM
    Thanks


  • 4.  RE: Max Frame Size and IP-MTU in AOS/AOS-CX with a MacSec interface in use over a ISP/L2tunnel

    Posted Jul 25, 2022 02:21 AM

    However is it necessary to decrease the OS,(2930F 's) Max Frame Size of 9216 equally ?,

    Alternatively, will this do the trick on a OS switch:

    • Configured :
      • Max Frame Size : 9216      IP-MTU :  9160

     

    • And OS-CX:
      • MTU & IP MTU: 9160