Performance - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - LINK LAYER CONFIGURATION GUIDE 2010-10-13 Configuration Manual

JunosE 11.3.x Link Layer Configuration Guide
266
stacked over L2TP on LNS, it prevents PPP control packets from causing IP fragmentation
and reassembly on the Ethernet downlink. Hence, if EAP is configured as a PPP
authentication protocol, then EAP packet or fragment size is affected by the intercontroller
buffer exchange limit as follows:
The MRU value advertised by JunosE in the LCP request packet takes the lowest of
the following values:
the lower layer MRU minus the PPP overhead
the configured MRU
1450 bytes
The MTU value is initialized by JunosE to the lowest of the following values:
the lower layer MTU minus the PPP overhead
the peer MRU
1450 bytes
The MTU value is passed to RADIUS in an Access-Request packet by means of the
Framed-Mtu attribute.

Performance

When EAP is configured on the router, it affects the performance and scalability of PPP
in terms of round-trip packet exchanges, negotiations, EAP server requirements, and EAP
client requirements. For information on the number of PPP interfaces supported with
EAP, see the Link Layer Maximums tables in Appendix A, System Maximums, of the current
JunosE Release Notes.
Performance depends on the number of packets exchanged during the negotiation.
When the number of packets exchanged increases—that is, when the number of
round-trips increases—it takes longer to finish the interface negotiation. System
resources are locked for a longer duration. As a result it takes longer to bring up all the
interfaces.
The number of round-trip message exchanges varies with the EAP authentication
method. When no retransmission of packets takes place and there is no fragmentation,
PAP and CHAP require one round-trip, EAP-MD5-Challenge requires two round-trips,
and EAP-TLS requires four round-trips.
Retransmission increases the number of round-trips. When the negotiated EAP
authentication method requires fragmentation, such as for the exchange of large
certificate chains, then the number of round-trips increases.
The number of simultaneous EAP negotiations is limited to 50 because of resource
limitations. Consequently, the time required to bring up interfaces when you configure
EAP authentication is longer than when you specify PAP or CHAP authentication.
EAP authentication methods fragment packets when the EAP packet size is greater
than the link MTU. The EAP server must fragment the EAP packet to the size of the
Framed-Mtu attribute contained in the RADIUS Access-Request packet.
Copyright © 2010, Juniper Networks, Inc.