Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

no mls verify ip checksum

I've done quite a bit of digging and I can't find anything so I'm going to ask here.  Does anyone know if turning this feature off globally in a 6500 is potentially service impacting?  We have a couple of Juniper SRX boxes on our network that are having trouble talking to each other because of their invalid ip checksum headers which get dropped.  To bandaid this they want us to turn off the checksum feature globally.  Before I do, I want to make sure this isn't going to cause us other problems.  Any thoughts?

2 REPLIES
Silver

Re: no mls verify ip checksum

In short, applying 'no mls verify ip checksum' is not service impacting. Like any change it would be wise to consider risks/benefits and apply it during a scheduled window or at least outside of peak hours.

The config line will simply set a register bit on the forwarding engine(s) instructing them to forward packets with an incorrect IP checksum rather than the current behaviour of discarding them. Ongoing flows will not be affected. If the SRXs are the only devices sending such packets and you're okay with not being notified about this "bad behaviour" for any future devices then I don't see a problem in going ahead!

Hope this helps,

/Phil

New Member

Re: no mls verify ip checksum

Thank you Philip! I suspected as much but I wanted to hear someone else say it besides me. As to being "ok" with Juniper's bad behavior, I'm not. However I've been assured that this is fixed in the next release of their OS and to get things going for now I'll apply this bandaid to fix their problem.

979
Views
0
Helpful
2
Replies
CreatePlease login to create content