
[AF] BBC connection frequently offline: network environment limits large packets, causing negotiation retransmissions

Problem Description

AF is deployed in gateway mode and connected to BBC; the BBC status is often offline.

Warning Info

Effective troubleshooting steps

  1. Check the AF system fault log.

    According to the logs, the negotiation timed out.

  2. AF is deployed in Layer 2 mode. Packets on port 5000 were captured on both the internal and external ports, and the session matching the time of the timeout and disconnection in the log was located.

    Analysis revealed that the BBC negotiation data contained a 1500-byte packet that was being retransmitted.
    From the AF backend, I pinged the BBC address with a 1500-byte packet, but the ping failed.
    The user's Internet egress is ADSL dial-up. The PPPoE protocol header itself occupies 8 bytes, so the MTU that can be transmitted is 1492. If the AF negotiation sends 1500 bytes, the packet cannot be transmitted normally.

  3. Modify the MSS value negotiated with the BBC's IP address, reducing it to 1300. The connection then works normally.
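
The check from steps 2 and 3 as an added Python example (not Sangfor tooling and not code from this article): it scans `tcpdump -nn` text output for port 5000 data segments that were sent more than once and are too large for a PPPoE path, and computes the largest MSS that fits that path. The sample capture and its addresses are constructed, the function names are hypothetical, and header sizes assume IPv4 and TCP without options.

```python
import re
from collections import Counter

IP_TCP_HEADERS = 40   # assumption: 20-byte IPv4 + 20-byte TCP header, no options
PPPOE_OVERHEAD = 8    # PPPoE header size stated in the article

# Matches default `tcpdump -nn` TCP lines that carry data (have a seq range).
LINE = re.compile(
    r"IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[[^\]]*\], seq (?P<start>\d+):(?P<end>\d+),.* length (?P<len>\d+)"
)

def max_mss(link_mtu=1500, encap_overhead=PPPOE_OVERHEAD):
    """Largest TCP payload that fits the path without fragmentation."""
    return link_mtu - encap_overhead - IP_TCP_HEADERS

def oversized_retransmits(lines, port=5000, path_mtu=1500 - PPPOE_OVERHEAD):
    """Return {(src, seq_range): ip_size} for data segments on `port` that were
    sent more than once and whose IP packet size exceeds the path MTU."""
    seen, size = Counter(), {}
    for line in lines:
        m = LINE.search(line)
        if not m or port not in (int(m["sport"]), int(m["dport"])):
            continue
        key = (m["src"], f'{m["start"]}:{m["end"]}')
        seen[key] += 1
        size[key] = int(m["len"]) + IP_TCP_HEADERS
    return {k: size[k] for k, n in seen.items() if n > 1 and size[k] > path_mtu}

# Constructed sample capture (documentation addresses, not from the article).
SAMPLE = """\
10:00:00.000000 IP 192.0.2.10.40112 > 198.51.100.20.5000: Flags [P.], seq 1:301, ack 1, win 229, length 300
10:00:00.050000 IP 192.0.2.10.40112 > 198.51.100.20.5000: Flags [.], seq 301:1761, ack 1, win 229, length 1460
10:00:00.350000 IP 192.0.2.10.40112 > 198.51.100.20.5000: Flags [.], seq 301:1761, ack 1, win 229, length 1460
10:00:00.950000 IP 192.0.2.10.40112 > 198.51.100.20.5000: Flags [.], seq 301:1761, ack 1, win 229, length 1460
10:00:01.000000 IP 192.0.2.10.40112 > 198.51.100.20.443: Flags [.], seq 1:1461, ack 1, win 229, length 1460
""".splitlines()

if __name__ == "__main__":
    print(oversized_retransmits(SAMPLE))  # segments stuck behind the 1492-byte path
    print(max_mss())                      # upper bound for the MSS on this path
```

The MSS of 1300 chosen in step 3 is below the bound this computes for a 1492-byte path, so full-size segments clamped to it fit through the PPPoE link.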

Root cause

The network environment limits the transmission of large packets.

Solution

Reduce the MSS value negotiated with the BBC address.

Operation Impact Scope

None

Original Link

https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=2050&isOpen=true