This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PA-500 and Jumbo Frames

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA-500 and Jumbo Frames

GtY007
L0 Member

‎07-24-2013 03:27 PM

Background:

I've been doing some testing with a pair of A/A PA-500's and decided to enable jumbo frames on a file server. I understand that the PA-500 does not support jumbo frames but when I begin a file transfer, it works, running at about 5,017 Kbps. After a little while the frame size reaches 4464-bytes and my speed increases to 392,644 Kbps, way above the Threat prevention throughput of the firewall, listed as 100 Mbps (~102,400 Kbps). When this happened my CPU usage goes from 99% to about 66%, so something is still being processed. The Session Browser still shows all traffic being matched through my test rule called "Allow All". This rule has Anti-virus, Anti-spyware, Vulnerability Protection, and URL filtering turned on.


Questions:

- Is there any documentation about Jumbo Frame for the PA-500, I haven't been able to find an explanation that accounts for my test scenario?

- What happens when the PA-500 encounters a frame size over 1500 MTU, does is just pass it through without inspection (hence the speed increase)?

- When the Session Browser says that the "Allow All" rule is being matched, does that mean the Jumbo Frames are being processed, if not, why is there a rule match, if yes, how is it possible to get such speed and low CPU usage?

- Should I force the firewall to drop Jumbo Frames if they are encountered, to ensure security (if they are not processed), if so, how?


Any thoughts are appreciated.


Thank you,

Alain

0 Likes Likes
3 REPLIES 3

HULK
L7 Applicator

‎07-24-2013 03:57 PM

Hi Alain,

Please find below mentioned discussion, hope it will help you for the 1st Qn.

https://live.paloaltonetworks.com/docs/DOC-2208#comment-4467

Thanks

subhankar

0 Likes Likes

HULK
L7 Applicator
In response to HULK

‎07-24-2013 04:01 PM

Hi,

What happens when the PA-500 encounters a frame size over 1500 MTU, does is just pass it through without inspection (hence the speed increase)?

Ans:- No, it should  fragment the packet into a smaller size as per the MTU of  that link.


Thanks

Subhankar

0 Likes Likes

GtY007
L0 Member
In response to HULK

‎07-24-2013 04:01 PM

Thank you, I did see that doc, but it only helps me understand that the PA-500 does not support Jumbo Frames. With that in mind, I'm trying to figure out what exactly happens when it does encounter one.

0 Likes Likes
  • 3179 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks