Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1937
Views
0
Helpful
3
Replies

no mls verify ip checksum

aparksvolvo
Level 4
Level 4

‎10-28-2010 05:10 AM - edited ‎03-06-2019 01:46 PM

I've done quite a bit of digging and I can't find anything so I'm going to ask here.  Does anyone know if turning this feature off globally in a 6500 is potentially service impacting?  We have a couple of Juniper SRX boxes on our network that are having trouble talking to each other because of their invalid ip checksum headers which get dropped.  To bandaid this they want us to turn off the checksum feature globally.  Before I do, I want to make sure this isn't going to cause us other problems.  Any thoughts?

1 person had this problem
Labels:
0 Helpful
3 Replies 3

phiharri
Level 1
Level 1

‎10-28-2010 10:22 AM

In short, applying 'no mls verify ip checksum' is not service impacting. Like any change it would be wise to consider risks/benefits and apply it during a scheduled window or at least outside of peak hours.

The config line will simply set a register bit on the forwarding engine(s) instructing them to forward packets with an incorrect IP checksum rather than the current behaviour of discarding them. Ongoing flows will not be affected. If the SRXs are the only devices sending such packets and you're okay with not being notified about this "bad behaviour" for any future devices then I don't see a problem in going ahead!

Hope this helps,

/Phil

0 Helpful

aparksvolvo
Level 4
Level 4
In response to phiharri

‎10-28-2010 11:40 AM

Thank you Philip! I suspected as much but I wanted to hear someone else say it besides me. As to being "ok" with Juniper's bad behavior, I'm not. However I've been assured that this is fixed in the next release of their OS and to get things going for now I'll apply this bandaid to fix their problem.

0 Helpful

Thalesthales
Level 1
Level 1

‎05-10-2021 07:14 AM

Ok !

Any of my  C4500/6500 serie seems to recognize

Switch(config)#no mls verify ip checksum

Command....Their are all on the right version to run...

Is their a specific way to use this command....

CASE

JUN srx5400 release 15.1x49-d110.4 / Catalyst 4500 version 03.08.06.E

can't use command...

 

 

JUN srx5400 release 15.1x49-d110.4 / cisco WS-C6506-E Version 15.2(1)SY7

I got following, since the problem remains.....

 

CATC1VLBLTB0#show mls rp

ip multilayer switching is globally disabled

ipx multilayer switching is globally disabled

ipx mls inbound acl override is globally disabled

mls id is 0015.6f18.7800

mls ip address 0.0.0.0

mls ip flow mask is unknown

mls ipx flow mask is unknown

number of domains configured for mls 0

 

0 Helpful
Customers Also Viewed These Support Documents