[c-nsp] ip tcp adjust-mss

Phil Mayers p.mayers at imperial.ac.uk
Mon Feb 11 15:23:42 EST 2013

On 02/11/2013 07:56 PM, Eric A Louie wrote:
> I just put in this command on my upstream interfaces to help my mpls network
> pass traffic - that is, my effort to eliminate fragmentation in my backbone.
> Is anyone else using this method of "mtu control"?  I need some support - my CEO
> is asking why I have to do this, and who else does it, and is it a common
> practice, etc, so I'm looking for evidence, more than just "The Cisco TAC told
> me to do it".

We use MSS clamping in a few places - IPSec tunnels, and in front of our 
PPTP VPN servers.

In theory, path MTU discovery should make this unnecessary. In practice, 
it breaks a lot of the time, due to naive/broken firewall/ACLs and, in 
some cases, poor SLB implementations that don't translate the ICMPs 
through to the backend.

You will find opinion on MSS clamping to be divided - some people are 
opposed to it in principle, others believe it very necessary. 
Personally, we found it worked and solved a problem - but I'm not 
dogmatic about it.

More information about the cisco-nsp mailing list