Problem: Packet size and fragmentation issues

General information

Large packet sizes from the managed devices are being dropped by intermediate routers because the packets exceed the device MTU or the devices are not configured to forward fragmented packets, causing resynchronizations to fail. The managed devices are configured to send SNMP packets of up to 9216 bytes. The NFM-P can accept such large SNMP packets.

However, the typical L2 or L3 interface MTU on an NFM-P-managed device is likely configured to transmit smaller SNMP packets, usually in the 1500-byte range. This causes packet fragmentation. In order to handle these fragmented packets, intermediate devices between the NFM-P-managed device and NFM-P must be configured to handle or forward fragmented packets. When an intermediate network device, such as a router, cannot handle or forward fragmented packets, then packets may be dropped and resynchronization may fail.

Consider the following:

• The network infrastructure that carries traffic between the NFM-P main and auxiliary servers and the managed NEs must support fragmentation and reassembly of the UDP packets for NEs that have an SNMP PDU size greater than the MTU configured for the network path between the NE and NFM-P. The 7210 SAS, 7450 ESS, 7705 SAR, 7710 SR, 7750 SR, and 7950 XRS require an SNMP PDU size of 9216 bytes and fragmentation support in the network path between the NFM-P and the NE.

• Ensure that the CPM filters on managed devices are configured to accept fragmented packets, and that this filter policy is configured on each server in a redundant NFM-P deployment.

• Ensure that devices located between the managed devices, such as the 7750 SR, and the NFM-P can handle an MTU size of 9216 bytes, can fragment large SNMP packets, or can forward fragmented L2 or L3 packets.

• Verify the MTU packet sizes for all LAN devices.

• Verify that large packets can travel from the managed devices to the NFM-P by using CLI to ping the IP address of the NFM-P server, with a large packet.

• Ensure that the firewalls between the managed devices and the NFM-P server are configured to allow traceroute and ping packets.

Steps

1	Log in to the 7750 SR or another NFM-P-managed device.
2	Run the traceroute command: > traceroute SAM_server_IP_address ↵ A list of hops and IP addresses appears.
3	Ping the first hop in the route from the managed device to the NFM-P server: > ping intermediate_device_IP_address size 9216 ↵ A successful response indicates that the intermediate device supports large SNMP packets or packet fragmentation.
4	Repeat for all other hops until a ping fails or until a message indicates that there is an MTU mismatch. A failed ping indicates that the intermediate device does not support large SNMP packets or packet fragmentation.
5	Check the configuration of the intermediate device, and configure fragmentation or enable a larger MTU size. End of steps