0

We currently have a Cisco PIX 501 running in our office building and we just got word that our network is going to be updated to run jumbo frames. I haven't been able to find much information, but from what I gather our PIX does not support jumbo frames. So assuming that is the case, what should I expect from this? Is it just a matter of the PIX not being able to take advantage of what jumbo frames bring and business as usual? Will the system basically become a paperweight?

We are planning on getting rid of the PIX soon, so I guess it's just a matter of deciding if we need to get those plans running sooner rather than later.

Raymond Holguin
  • `we just got word that our network is going to updated to run jumbo frames` - Really? Do all of your hosts/endpoints support Jumbo Frames? What's the motivation for enabling Jumbo Frames? – joeqwerty Dec 17 '14 at 02:16

2 Answers

1

I can't find anything that suggests that the PIX has a maximum MTU of more than 1500, so yeah, it'd be a bad idea to have it acting as the router for devices speaking 9000 byte frames.

Better question, though, is why is your network being switched to jumbo frames? It's unlikely that the minor performance benefit will make much difference in anything but a specifically purposed high throughput storage network. The headaches induced by dealing with MTU problems and configuring each and every device on the network mean a pretty high cost to get those minor performance gains.

So, don't switch to jumbo frames unless you have a very good reason to do so; it's going to be more trouble than it's worth, and yes, you'd need a new firewall to make it happen.

Shane Madden
  • While I didn't really get a why, when I talked to someone in the network group he said as long as none of the servers behind the firewall have jumbo frames enabled then it's a moot issue. It's only an issue if I decide to enable jumbo frames server side (which I won't). Is this accurate? – Raymond Holguin Dec 17 '14 at 17:32
  • @RaymondHolguin Yes, it's accurate - jumbo frames aren't really "on" unless the systems in the network are sending them, regardless of what the switches are configured to handle. – Shane Madden Dec 17 '14 at 17:34
  • Remember, jumbo frames are a Network Access Layer construct. Firewalls like the PIX 501 operate at the Internet Layer, so there could be different behaviors on both sides of the firewall, depending on the support by the firewall, the upstream devices and the downstream devices. – DTK Dec 17 '14 at 17:57
1

The PIX501 predates jumbo frames. Consequently the hardware does not support them, and as such there is no way to enable them in software or configuration.

Since the PIX501 is out of CCO / Safenet support, I would recommend starting to plan a migration to the ASA5500 series of devices, many of which support GigE and jumbo frames, and which can still get support from Cisco.

DTK