set-dont-fragment-bit (Services Set)
Syntax
set-dont-fragment-bit;
Hierarchy Level
[edit services service-set service-set-name ipsec-vpn-options]
Description
Set the do not fragment (DF) bit only in the outer header of the IPsec packet, leaving the inner header unmodified, for dynamic endpoint tunnels. If the encapsulated packet size exceeds the tunnel maximum transmission unit (MTU), the packet is fragmented before encapsulation.
This setting applies to dynamic endpoint tunnels and not to static tunnels. For static tunnels, include the set-dont-fragment-bit statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level to set the DF bit in the outer header of the IPv4 packets that enter the static IPsec tunnel.
This functionality is supported on MX Series routers with MS-MICs and MS-MPCs.
By default, this statement is disabled on MS-MICs and MS-MPCs (the DF bit value is not configured in the outer header by default).
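The fragment-before-encapsulation behavior described above, as a simplified Python model added here (not Juniper code). The 60-byte tunnel overhead and all function and field names are assumptions, and the inner packet is assumed to have its own DF bit clear.

```python
from dataclasses import dataclass

IPV4_HDR = 20          # inner IPv4 header without options
ASSUMED_OVERHEAD = 60  # assumed outer IP + ESP bytes; the real value depends on the IPsec proposal


@dataclass
class OuterPacket:
    outer_df: bool     # DF bit in the outer (tunnel) header only
    inner_offset: int  # byte offset of this inner fragment's payload
    inner_more: bool   # "more fragments" flag of the inner fragment
    inner_len: int     # inner fragment length, including its IPv4 header

    @property
    def outer_len(self):
        return self.inner_len + ASSUMED_OVERHEAD


def encapsulate(inner_len, tunnel_mtu, set_dont_fragment_bit=False):
    """Model the outer packets produced for one inner IPv4 packet.

    set_dont_fragment_bit=False models the statement being absent (the default).
    """
    if inner_len + ASSUMED_OVERHEAD <= tunnel_mtu:
        # Fits the tunnel MTU after encapsulation: one outer packet.
        return [OuterPacket(set_dont_fragment_bit, 0, False, inner_len)]

    # Too large: fragment the inner packet BEFORE encapsulation so that every
    # outer packet fits the tunnel MTU and can safely carry DF in its outer header.
    # IPv4 fragment payloads are multiples of 8 bytes, except the last one.
    chunk = (tunnel_mtu - ASSUMED_OVERHEAD - IPV4_HDR) // 8 * 8
    if chunk <= 0:
        raise ValueError("tunnel MTU too small for this model")

    payload = inner_len - IPV4_HDR
    packets, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        more = offset + size < payload
        packets.append(OuterPacket(set_dont_fragment_bit, offset, more, IPV4_HDR + size))
        offset += size
    return packets


if __name__ == "__main__":
    # Constructed sample: 1500-byte inner packet, 1400-byte tunnel MTU.
    for p in encapsulate(1500, 1400, set_dont_fragment_bit=True):
        print(p, "outer_len =", p.outer_len)
```

Because fragmentation happens on the inner packet, no outer packet in the model exceeds the tunnel MTU, so setting DF in the outer header does not by itself cause drops inside the tunnel path.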
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 14.1.