[c-nsp] ip tcp adjust-mss on LNS 7206VXR

[Phil Mayers]

Tim Franklin wrote:
>> In a big big way.  Fragmentation is cheap, but the reassembly on the
>> far end of the tunnel is by necessity process switched will thrash the
>> everlasting you-know-what out of your CPU even at relatively low PPS
>> rates.
> 
> I still prefer setting a lower MTU and letting PMTUD do its thing for this.
> It works for UDP too, and helps flush out broken firewalls (or rather,
> broken firewall *admins*; the "all ICMP is eeeeeeeevil" mentality is in need
> of a bitch-slap).

Sadly, there are much larger problems than firewalls configured by 
buffoons. Many load balancers seem to have problems sending ICMP to 
virtual IPs back to the real IPs, so in my (quite extensive) experience 
diddling with path MTU rather than the MSS causes a lot of large-ish 
websites on the net to fail.

And by one (short sighted) way of looking at it, the one my users adopt, 
we're well past the point where fixing the damage done by "ICMP is 
eeeeevil" could happen. In my personal experience, adopting the MSS 
trick or accepting large payloads (either by fragmentation or using 
higher physical MTUs for backhaul) is the only solution that won't get 
users screaming at you, loudly and immediately.

This is a galling state of affairs. I wish it were otherwise. One hopes 
that the more stringent specification will prevent the same happening 
with IPv6, but I wouldn't bet on it...

 From the sounds of it however, your experience does not reflect that, 
which interests me - are you able to share any numbers with us?