Hi all,
Just following up my previous post....
When further delving into the case, Packet dropped and Fragment packet are rapidly increasing on branches and hub srx device. After clearing flow statistics, in 10-min-timeframe I have got the following output from one of the branches and hub srx devices. +500 sites connected to the hub over ipsec vpn. Only branches have been configured as mss 1450
Here there are two things must be concerning. From the output, one is fragment packet and the second is Packet dropped.. Are these two things are different issues or same? And also their increasement nearly same at branch site. If a packet is fregmanted, why drop happens? It must be something different? How to determine these issues?
Before putting mss 1328 into current configuration, I need some evidence from efficient troubleshooting that shows fragment and drop happening? And what is the impact when playing mss value start point of 1328 during the business hours?
Look forward to seeing your replies.
Note: Previously I have got your all value ideas, techniques, approaches, but this time I want to do more comprehensively.
Branch site:
>show security flow statistics
Current sessions: 877
Packets forwarded: 805455
Packets dropped: 18626
Fragment packets: 26961
set security flow tcp-mss all-tcp mss 1450
Hub site:
>show security flow statistics
Current sessions: 20662
Packets forwarded: 14079819
Packets dropped: 3851
Fragment packets: 258276
Thanks
Ar