[c-nsp] ip tcp adjust-mss
Phil Mayers
p.mayers at imperial.ac.uk
Mon Feb 11 15:23:42 EST 2013
On 02/11/2013 07:56 PM, Eric A Louie wrote:
> I just put in this command on my upstream interfaces to help my mpls network
> pass traffic - that is, my effort to eliminate fragmentation in my backbone.
>
> Is anyone else using this method of "mtu control"? I need some support - my CEO
> is asking why I have to do this, and who else does it, and is it a common
> practice, etc, so I'm looking for evidence, more than just "The Cisco TAC told
> me to do it".
We use MSS clamping in a few places - IPSec tunnels, and in front of our
PPTP VPN servers.
In theory, path MTU discovery should make this unnecessary. In practice,
it breaks a lot of the time, due to naive/broken firewall/ACLs and, in
some cases, poor SLB implementations that don't translate the ICMPs
through to the backend.
You will find opinion on MSS clamping to be divided - some people are
opposed to it in principle, others believe it very necessary.
Personally, we found it worked and solved a problem - but I'm not
dogmatic about it.
More information about the cisco-nsp
mailing list