I've done quite a bit of digging and I can't find anything so I'm going to ask here. Does anyone know if turning this feature off globally in a 6500 is potentially service impacting? We have a couple of Juniper SRX boxes on our network that are having trouble talking to each other because of their invalid ip checksum headers which get dropped. To bandaid this they want us to turn off the checksum feature globally. Before I do, I want to make sure this isn't going to cause us other problems. Any thoughts?
In short, applying 'no mls verify ip checksum' is not service impacting. Like any change it would be wise to consider risks/benefits and apply it during a scheduled window or at least outside of peak hours.
The config line will simply set a register bit on the forwarding engine(s) instructing them to forward packets with an incorrect IP checksum rather than the current behaviour of discarding them. Ongoing flows will not be affected. If the SRXs are the only devices sending such packets and you're okay with not being notified about this "bad behaviour" for any future devices then I don't see a problem in going ahead!
Thank you Philip! I suspected as much but I wanted to hear someone else say it besides me. As to being "ok" with Juniper's bad behavior, I'm not. However I've been assured that this is fixed in the next release of their OS and to get things going for now I'll apply this bandaid to fix their problem.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...