[c-nsp] ip tcp adjust-mss on LNS 7206VXR

Tim Franklin tim at colt.net
Mon Jan 15 07:01:06 EST 2007


> The problem is that if you do this in a VPDN environment and are
> fragmenting your L2TP tunnels it's your stack that has to deal, not
> your customers'.  Far better to dink with the MSS on customer stuff as
> the TCP sessions come up (and pray for not too much VPN over PPPoE
> over VPDN to burn up the CPU on your LNSes).

I'm talking about reducing the MTU on the LNS, such that the packets heading for
the tunnel are either fragmented if DF=0 (bad, but at least you're
fragmenting customer traffic (which they get to re-assemble) rather than
L2TP) or rejected if DF=1, in which case the sender (wherever they are)
should reduce MTU appropriately.

I'm not sure how to handle it in the other direction, if you don't control the
customer-side device that's initiating the connection.  Typically, in my
particular scenario, either we do, or if it's random-PC dial-up, most of the
traffic is going from the network towards the VPDN user, so it's not an
issue either way.  I'll agree that if you're seeing a lot of maximum-size
packets coming *from* the client / LAC, you need a different fix (instead-of
or as-well-as).

Regards,
Tim.

-- 
____________   Tim Franklin                 e: tim.franklin at colt.net 
\C/\O/\L/\T/   Network Development &        w: www.colt.net 
 V  V  V  V    Product Engineering          t: +44 20 7863 5714 
Data | Voice | Managed Services             f: +44 20 7863 5876  
