Wireless Access

Reply
Highlighted
New Contributor

Tunneled Node Reserved-VLAN and MTU

I need some help understanding some things about per-user tunneled node.

 

In the documentation, i can see that it is required that the user vlan is not tagged (or untagged) in the uplink. But since i have activated the "reserved-vlan" feature, it seems that all traffic from any user will be tunneled using the reserved-vlan, and the final vlan will be set in the final role in the controller. In that case, can i keep the users' final VLAN in the switch's uplink? I have tested it and it works. But is there any downside?

 

The other question i have is about MTU/Jumbo Frame on the VLANs. Do i need to set the jumbo frame mtu in the reserved-vlan? in the final user's VLAN? or in the switch's uplink vlan (the one it has an ip address)?

When i set it in the user's vlan, or the reserved-vlan nothing changes(user vlan/reserved-vlan is not trunked throughout the network). But when i set the mtu in the uplink vlan, and throughout the network, i can see in the "show tunneled-node-mgr user-tunnel-table" that the mtu is using jumbo frames:

---------------------------------------------------------------------------------------------

 

#show tunneled-node-mgr user-tunnel-table

Tunnel Info Table Entries
----------------------------------

u - Untagged VLAN

Tunnel Id Tunneled Node BCMC TO UCast Key MTU Curr Users VLANs
--------- ------------- ------------- ---- ---- ---------- -----
tunnel 37 192.168.83.239 1 3 1566 1 1050,4000
tunnel 48 192.168.83.239 1 1 1566 1 1050,4000
tunnel 12 192.168.83.239 1 7 1566 1 1050,4000
tunnel 13 192.168.83.239 1 6 1566 1 1050,4000

---------------------------------------------------------------------------------------------

 

Is this the right configuration?

 

I have followed the documentation on ASE to set the jumbo frame parameters:

 

jumbo max-frame-size 1584
jumbo ip-mtu 1566

Thank you all for the time taken to clarify these things!

 

Best regards,

 

Victor Rizzo

 

Highlighted
Aruba Employee

Re: Tunneled Node Reserved-VLAN and MTU

Hi, you only need to enable jumbo on the VLAN/VLANs used for communication between the switch and the controller. You don´t need to enable jumbo on the reserved VLAN or the user VLAN. Test that everything is working correctly by doing a ping plugged into the switch as a user with the don´t fragment bit set, on Windows, ping -f -l 1472 8.8.8.8.

Highlighted
New Contributor

Re: Tunneled Node Reserved-VLAN and MTU

Hi,

 

I have tried enabling jumbo frames in the whole path between the switch and the controller, and the connection in the tunnel seems to be using that mtu (1566).

But i'm not able to ping 8.8.8.8 with the dont fragment bit set and with the size of 1472. And when i enable the jumbo frame, some websites become unreachable. I have tried raising the ip mtu to 1584 and 1602 but the scenario is the same.

 

I'm starting to think that i'm better off with leaving mtu at 1500.

 

I'm trying to configure this because when i applied tunneling to 2 complete swicthes (96 ports), we started to have some serious packet loss, and both the switch and the controller seemed to be fine. Then i checked the documentation and saw about the mtu.

 

Anything else i could try?

 

Thanks for the time

 

Best regards,

 

Victor Rizzo

Highlighted
Aruba Employee

Re: Tunneled Node Reserved-VLAN and MTU

Hi, it sounds like a problem with MTU somewhere on the patch between the switch and the controller. Here is an example config, I use VLAN 14 which is the source IP address for user based tunneling and I only enable jumbo on that VLAN. Can you share your UBT config? How  many switches are on the path between the access switch and the controller?

 

jumbo ip-mtu 1566
jumbo max-frame-size 1584

tunneled-node-server
   controller-ip 10.10.10.1
   backup-controller-ip 10.10.10.2
   mode role-based reserved-vlan 4000
   exit

vlan 14
   name "UBT-VLAN"
   tagged Trk1
   ip address 10.22.14.10 255.255.255.0
   jumbo
exit

vlan 4000
   name "TUNNELED_NODE_SERVER_RESERVED"
   no ip address
   exit

ip source-interface tunneled-node-server vlan 14

 

Highlighted
New Contributor

Re: Tunneled Node Reserved-VLAN and MTU

Here's the config:

 

jumbo ip-mtu 1566
jumbo max-frame-size 1584
tunneled-node-server
   controller-ip 192.168.83.251
   backup-controller-ip 192.168.83.252
   mode role-based reserved-vlan 4000
   exit

vlan 2
   name "GERENCIA-SRV-SW"
   untagged 1/32
   tagged 1/48
   ip address 192.168.83.239 255.255.254.0
   jumbo
   exit

vlan 4000
   name "TUNNELED_NODE_SERVER_RESERVED"
   no ip address
   exit

I have even used the same VLAN ID for the reserved-vlan. But the only thing different is that i haven't used the "ip source-interface tunneled-node-server vlan" command, since my switch only has one IP interface.

I have 2 switches on the path between this switch and the controller. Jumbo frames are set on the entire path with the same values, and the controller is recieving the frames as jumbo size.

Do you think that it is necessary to enable jumbo frames on the controller, like APs or is it comes enabled by default for tunneled node?

Thank you!

 

Victor Rizzo

 

Highlighted
MVP Guru

Re: Tunneled Node Reserved-VLAN and MTU

You should enable jumbo on the controller interfaces as well. Default is disabled.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
New Contributor

Re: Tunneled Node Reserved-VLAN and MTU

Hi Herman!

 

I've tried that, but to enable it on the controller interface i need to enable jumbo frames globally on the controller and then mark the interface as jumbo. I did that, but the lowest jumbo mtu it is allowed to set on the controller is 1700.

I left it at the default 9126 and changed the whole path to that mtu. It did not change anything. I've also tested it with jumbo enabled on the controller but with the switch mtu as 1584. Stayed the same.

 

Overall it seems like it doesnt matter if it is enabled on the controller or not, and doesn't matter the mtu size. By using the same mtu on the whole path, the tunnel uses that mtu set.

 

But still, it continues fragmenting the packets when i try to ping with the size of 1472.

 

Any other ideas of configurations i could make? By the way, thank you for the time taken to help me guys.

 

Victor Rizzo

MVP Guru

Re: Tunneled Node Reserved-VLAN and MTU

In order to solve such MTU issues, I think it is critical to find out what are all the components in the path and where exactly is the fragmentation happening. Once you know where and why the framentation is happening it probably is trivial to solve the issue.

 

BTW, I typically set the jumbo mtu sizes to the default/max/9000 under the assumption that it allows the largest packets without fragmenting at all.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
Regular Contributor II

Re: Tunneled Node Reserved-VLAN and MTU

How do you set the MTU for the VLAN that has the Controller IP that the switch will connect to?

I can only set it to 1500.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: