[c-nsp] ip tcp adjust-mss on LNS 7206VXR

Robert E. Seastrom rs at seastrom.com
Fri Jan 12 10:49:13 EST 2007


"Tim Franklin" <tim at colt.net> writes:

>> In a big big way.  Fragmentation is cheap, but the reassembly on the
>> far end of the tunnel is by necessity process switched and will thrash the
>> everlasting you-know-what out of your CPU even at relatively low PPS
>> rates.
>
> I still prefer setting a lower MTU and letting PMTUD do its thing for this.
> It works for UDP too, and helps flush out broken firewalls (or rather,
> broken firewall *admins*; the "all ICMP is eeeeeeeevil" mentality is in need
> of a bitch-slap).

The problem is that if you do this in a VPDN environment and are
fragmenting your L2TP tunnels it's your stack that has to deal, not
your customers'.  Far better to dink with the MSS on customer stuff as
the TCP sessions come up (and pray for not too much VPN over PPPoE
over VPDN to burn up the CPU on your LNSes).

                                        ---rob
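
The MSS rewrite discussed in this thread, sketched as an added example (not part of the original post and not Cisco's implementation): a SYN's MSS option is lowered in transit and the TCP checksum is patched incrementally per RFC 1624, so the end hosts never send segments that would need fragmenting inside the tunnel. The function names, the 1400-byte clamp and the sample packet are assumptions constructed for illustration.

```python
import struct

def fold(s: int) -> int:
    """Fold carries back into 16 bits (one's-complement addition)."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over data, padded to an even length."""
    data += b"\x00" * (len(data) & 1)
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def clamp_mss(tcp: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of a SYN or SYN-ACK to max_mss; anything else passes unchanged."""
    if len(tcp) < 20 or not tcp[13] & 0x02:          # too short, or SYN flag clear
        return tcp
    hdr_len = (tcp[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(tcp):
        return tcp
    seg, i = bytearray(tcp), 20
    while i < hdr_len:
        kind = seg[i]
        if kind == 0:                                # end of option list
            break
        if kind == 1:                                # NOP padding
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            break                                    # malformed option: leave alone
        if kind == 2 and seg[i + 1] == 4:            # MSS option
            if struct.unpack_from("!H", seg, i + 2)[0] > max_mss:
                lo, hi = (i + 2) & ~1, (i + 5) & ~1  # aligned words covering the value
                old = bytes(seg[lo:hi])
                struct.pack_into("!H", seg, i + 2, max_mss)
                # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
                s = ~struct.unpack_from("!H", seg, 16)[0] & 0xFFFF
                for k in range(0, hi - lo, 2):
                    s += ~struct.unpack_from("!H", old, k)[0] & 0xFFFF
                    s += struct.unpack_from("!H", seg, lo + k)[0]
                struct.pack_into("!H", seg, 16, ~fold(s) & 0xFFFF)
            break
        i += seg[i + 1]
    return bytes(seg)

# Constructed sample: SYN from 192.0.2.1 to 198.51.100.7 advertising MSS 1460.
PSEUDO = bytes([192, 0, 2, 1, 198, 51, 100, 7, 0, 6, 0, 24])   # pseudo-header, TCP length 24
RAW = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x60, 0x02, 65535, 0, 0) + bytes([2, 4, 0x05, 0xB4])
SYN = RAW[:16] + struct.pack("!H", checksum(PSEUDO + RAW)) + RAW[18:]
CLAMPED = clamp_mss(SYN, 1400)                       # 1400 is an illustrative clamp value
```

A segment with a valid checksum sums to zero together with its pseudo-header, so `checksum(PSEUDO + CLAMPED) == 0` confirms the incremental patch.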



