copy-dont-fragment-bit (Services Set)
Syntax
copy-dont-fragment-bit;
Hierarchy Level
[edit services service-set service-set-name ipsec-vpn-options]
Description
Copy the do not fragment (DF) bit value to only
the outer header and not modify the inner header of the IPsec packet
in dynamic endpoint tunnels. If the encapsulated packet size exceeds
the tunnel maximum transmission unit (MTU), the packet is fragmented
before encapsulation. This functionality is supported on MX Series
routers with MS-MICs and MS-MPCs. These settings apply for dynamic
endpoint tunnels and not for static tunnels, for which you need to
include the copy-dont-fragment-bit statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level to copy the DF bit
value to only the outer header of the packet in a static IPsec tunnel.
This functionality is supported on MX Series routers with MS-MICs
and MS-MPCs.
By default, this statement is disabled on MS-MICs and MS-MPCs (the DF bit value is not copied to the outer header by default).
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 14.1.