Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

preserve-incoming-fragment-size

Syntax

Hierarchy Level

Description

Enable the preserve incoming fragment size feature that allows the SRX Series Firewall to preserve the size of incoming fragments to be used in determining the best maximum transmission unit (MTU) size for the egress interface.

When data is sent from one host to another, it is transmitted as a series of packets. Performance is improved and network resources are conserved when packets of the largest size can transit the path from the source node to the destination node without being fragmented at any link in the datapath.

If application-layer services are configured on the SRX Series Firewall, packet fragments at the ingress interface must be reassembled before the services can be applied and the content inspected. These reassembled packet fragments must be broken down again before the data is transmitted out the egress interface.

When a packet must be fragmented into smaller packets to transit a link in the path because the packet is larger than the MTU size established for that link, each of the resulting fragments must contain packet header information, in addition to the payload, or data. The increased overhead can lower throughput and degrade network performance. Also, the packet fragments must be reassembled at the destination node, which consumes additional network resources.

By default, the SRX Series Firewall uses the MTU size configured for the egress interface to determine the size for the packet fragments it transmits. However, if you enable the preserve incoming fragment size feature, the SRX Series Firewall detects and saves the size of incoming packet fragments and takes that into account. To diminish the likelihood of packet fragmentation in the datapath, the SRX Series Firewall sets the egress interface MTU size to the smaller of two values: It identifies the maximum size of all incoming fragments and it compares that size to the existing MTU size of the egress interface. The SRX Series Firewall takes the smaller number and uses it for the egress interface MTU size.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1X49-D100.