This article describes the issue of the inet MTU value not reverting to its default value, when the inet MTU configuration is removed.
The default inet MTU for the secure tunnel interface is 9192. When modifying this value, you need to be aware of the following issue:
When inet MTU is configured at the same time as the interface family is configured, the inet MTU will change accordingly; however, it will not revert to the default value of 9192, when the inet MTU configuration is removed.
{primary:node0}[edit] root@srx3600a# show interfaces st0 < no existing st0 configuration {primary:node0}[edit] root@srx3600a# set interfaces st0.0 family inet mtu 1500 < inet MTU is being changed at the same time that family inet is set {primary:node0}[edit] root@srx3600a# commit commit complete root@srx3600a# run show interfaces st0.0 extensive | match MTU Protocol inet, MTU: 1500, Generation: 186, Route table: 0 < inet mtu has been successfully changed to 1500 CPP0(srx3600a vty)# show interfaces st0.0 ~~~~ Protocols: Protocol: IPv4, MTU: 1500 bytes, Flags: 0x8000000200000800, Route table: 0 < vty output also displays the correct value {primary:node0}[edit] root@srx3600a# delete interfaces st0.0 family inet mtu < the inet mtu configuration is being removed {primary:node0}[edit] root@srx3600a# commit commit complete {primary:node0}[edit] root@srx3600a# run show interfaces st0.0 extensive | match MTU Protocol inet, MTU: 1500, Generation: 186, Route table: 0 < the inet value is still 1500, even though the configuration has been removed CPP0(srx3600a vty)# show interfaces st0.0 ~~~~ Protocols: Protocol: IPv4, MTU: 1500 bytes, Flags: 0x8000000200000000, Route table: 0 < vty output also displays that the MTU value has not reverted to 9192
This issue does not occur, when the interface family is first configured and committed and then the inet MTU value is changed:
{primary:node0}[edit] root@srx3600a# set interfaces st0.0 family inet < interface family inet is being set first, without modifying the default inet mtu value {primary:node0}[edit] root@srx3600a# commit commit complete {primary:node0}[edit] root@srx3600a# run show interfaces st0.0 extensive | match MTU Protocol inet, MTU: 9192, Generation: 185, Route table: 0 < displays the default inet MTU value of 9192 {primary:node0}[edit] root@srx3600a# set interfaces st0.0 family inet mtu 1500 < inet MTU is being modified {primary:node0}[edit] root@srx3600a# commit commit complete {primary:node0}[edit] root@srx3600a# run show interfaces st0.0 extensive | match MTU Protocol inet, MTU: 1500, Generation: 185, Route table: 0 < displays the correct value {primary:node0}[edit] root@srx3600a# delete interfaces st0.0 family inet mtu < the inet MTU configuration is being removed {primary:node0}[edit] root@srx3600a# commit commit complete {primary:node0}[edit] root@srx3600a# run show interfaces st0.0 extensive | match MTU Protocol inet, MTU: 9192, Generation: 185, Route table: 0 inet MTU has been reverted to the default value of 9192
This is due to a bug that is related to the kernel interface update function.
If, in any case, the inet MTU of the secure tunnel interface does not revert to the default value of 9192, it can be explicitly configured:
{primary:node0}[edit] root@srx3600a# set interfaces st0.0 family inet mtu 9192