SRX Services Gateway
Highlighted
SRX Services Gateway

German FTTH PPPoE Experience using a SRX (GlasfaserConnect Bochum)

[ Edited ]
2 weeks ago

Hi,

 

I just want to share my experience with setting up a FTTH connection using a SRX300. Basically my ISP only provides a PPPoE username and password and that you have to use VLAN-tagging with VLAN-ID 7. In theory you are allowed to use any router but they provide no help whatsoever.

 

After setting up the connection with some default values, I found that the performance wasn't as expected so after some reading and sniffing with Wireshark I found that I had a big fragmentation Problem so I had to tweak the MTU

 

MTU, from the SRX: > ping 1.1.1.1 size 1412 do-not-fragment, so I changed the MTU to 1412+ 28= 1440 (from 1490 what is suggested for PPPoE.

 

This improved the performance somewhat.

 

Allowing ping ping on the internet (untrust) zone gave a little further improvement, this allows for Path MTU Discovery (PMTUD).

 

Only after changing the MSS value did I see good performance MSS= MTU-40=1400

 

This is the (relevant) configuration I ended up with:

 

 

security {
    flow {
        tcp-mss {
            all-tcp {
                mss 1400;
            }
        }
    }
    zones {
        security-zone untrust {
            screen untrust-screen;
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                ge-0/0/0.7;
                pp0.0;
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        vlan-tagging;
        unit 7 {
            encapsulation ppp-over-ether;
            vlan-id 7;
        }
    }
    pp0 {
        unit 0 {
            point-to-point;
            ppp-options {
                pap {
                    local-name "username";
                    local-password "password"; ## SECRET-DATA
                    passive;
                }                       
            }
            pppoe-options {
                underlying-interface ge-0/0/0.7;
                idle-timeout 0;
                auto-reconnect 10;
                client;
            }
            family inet {
                mtu 1440;
                primary;
                negotiate-address;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop pp0.0;
            metric 0;
        }
    }
}

 

 

Feedback