[c-nsp] ip tcp adjust-mss

Tony td_miles at yahoo.com
Mon Nov 4 15:50:52 EST 2013


For starters that is an ICMP trace, so even if you were to use "tcp 
adjuct-mss" as the command suggests it only affects TCP packets, so your "mturoute" output would be identical.

You could set the "adjust-mss" command on ANY router between the source 
& destination which will force that router to look at all TCP SYN 
packets going through it and change the MSS value in any of them to be 
the value you specified (I would assume it does nothing if MTU is 
already smaller). Typically you would do it on the router you control on
 your edge.

One of the reasons it is not a "solution" is that it only works for TCP.
 Any traffic that is not TCP (eg. UDP, ICMP, GRE, etc) will not be 
affected by "adjust-mss" and so the device will still be using 1500 and 
so if DF is set then these protocol will still fail.

My interpretationof your "mturoute" is that one particular host has a lower MTU, but it 
is NOT affecting traffic passing through it. There are several reasons 
why this might be the case. If this router was restricting the MTU of 
packets passing through it then all hops beyond this router would also 
have a lower MTU, but this isn't happening as your final destination 
reports 1500.

The mturoute page has a lot of good information that explains this and 
other limitations of the utility and also some suggested diagnosis.

http://www.elifulkerson.com/projects/mturoute.php

Did you TRY setting the adjust-mss to see if it fixes your site not 
loading issue ? If you don't want to do it on your router you can just 
set the MTU on the interface of the host you are testing from. This is 
OS specific so you'll have to look up instructions on how to do it on 
your box (eg. Windows involves changing a registry setting, Linux you 
specify it as parameter for "ifconfig", etc).


regards,
Tony.





________________________________
 From: Methsri Wickramarathna <mmethw2003 at gmail.com>
To: Pete Lumbis <alumbis at gmail.com> 
Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net> 
Sent: Tuesday, 5 November 2013 2:54 AM
Subject: Re: [c-nsp] ip tcp adjust-mss
 

Thanks Pete,

If not a problem can any one look in to following mturoute taken ??? :)

E:\>mturoute -t www.ubnt.com
mturoute to www.ubnt.com, 30 hops max, variable sized packets
* ICMP Fragmentation is not permitted. *
* Speed optimization is enabled. *
* Maximum payload is 10000 bytes. *
1  +-  host: 116.12.78.1  max: 1500 bytes
2  +-  host: 203.143.0.36  max: 1500 bytes
3  +-  host: 203.143.1.25  max: 1500 bytes
4  +-  host: 125.22.195.249  max: 1500 bytes
5  +-  host: 123.62.129.194  max: 1500 bytes
6  +-  host: 4.26.0.89  max: 1500 bytes
7  +-  host: 4.69.144.62  max: 1500 bytes
8  +-  host: 4.69.137.33  max: 1500 bytes
9  +-  host: 4.69.132.82  max: 1500 bytes
10  +-  host: 4.69.134.130  max: 1500 bytes
11  +-  host: 4.69.149.13  max: 1500 bytes
12  ...-.-  host: 4.28.125.110 not responding
13  .-.-  host: 72.21.220.141 not responding
14  .-.-  host: 205.251.245.63 not responding
15  No response from traceroute for this TTL.  Tried 3 times
16  No response from traceroute for this TTL.  Tried 3 times
17  No response from traceroute for this TTL.  Tried 3 times
18  .-+++++++++.-++ * host: 216.182.224.79  max: 1496 bytes*
19  No response from traceroute for this TTL.  Tried 3 times
20  No response from traceroute for this TTL.  Tried 3 times
21  No response from traceroute for this TTL.  Tried 3 times
22  No response from traceroute for this TTL.  Tried 3 times
23  No response from traceroute for this TTL.  Tried 3 times
24  ++--+---+++-+++-  host: 23.21.93.68  max: 1500 bytes

There's an MTU issue @ the host 216.182.224.79 and simply this site is not
loading. The Interesting part is I'm using a /28 block belongs
116.12.78.0/28 , My IP is 116.12.78.11 and above site is working properly
there's an another IP 116.12.78.6 for that IP this site is not working :(
:( . When I asked this about from my UPStream provider they are either
willingly or unwillingly not responding properly. They are asking me to
configure my edge router with the command " *ip tcp adjust-mss *". *Any
idea regarding which end having this PMTU issue ????*



On Mon, Nov 4, 2013 at 9:04 PM, Pete Lumbis <alumbis at gmail.com> wrote:

> On ASR1k the MSS adjustment is done on the QFP (the ESP or "in hardware").
> Again, this behavior varies from platform to platform.
>
>
> On Sun, Nov 3, 2013 at 11:47 PM, Methsri Wickramarathna <
> mmethw2003 at gmail.com> wrote:
>
>> Thanks Pete!!!
>>
>> We are using ASR 1001 series , can configure but I want to make sure
>> before doing it
>>
>>
>> On Sat, Nov 2, 2013 at 1:53 AM, Pete Lumbis <alumbis at gmail.com> wrote:
>>
>>> Most platforms can't do this in hardware and have to punt the SYN and/or
>>> SYN/ACK packets. Use caution at scale
>>>
>>>
>>> On Fri, Nov 1, 2013 at 7:15 AM, Methsri Wickramarathna <
>>> mmethw2003 at gmail.com> wrote:
>>>
>>>> Hi all ,
>>>> Is it wise to use ip tcp adjust-mss on a ISP gateway router ???
>>>>
>>>> --
>>>> --
>>>> ________´$$$$`_____________________________,,,_
>>>> _______´$$$$$$$`_________________________´$$$`
>>>> ________`$$$$$$$`______,,________,,_______´$$$$´
>>>> _________`$$$$$$$`____´$$`_____´$$`____´$$$$$´
>>>> __________`$$$$$$$`_´$$$$$`_´$$$$$`__´$$$$$$$´
>>>> ___________`$$$$$$$_$$$$$$$_$$$$$$$_´$$$$$$$´_
>>>> ____________`$$$$$$_$$$$$$$_$$$$$$$`´$$$$$$´_
>>>> ___,,,,,,______`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$´_
>>>> _´$$$$$`____`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$´_
>>>> ´$$$$$$$$$`´$$$$$$$_$$$$$$$_$$$$$$$_$$$$$´_
>>>> ´$$$$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$$_$$$$$´_
>>>> ___`$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$_$$$$$$´_
>>>> ______`$$$$$$$$$$$$$_$$$$$__$$_$$$$$$_$$´_
>>>> _______`$$$$$$$$$$$$,___,$$$$,_____,$$$$$´_
>>>> _________`$$$$$$$$$$$$$$$$$$$$$$$$$$$$$´_
>>>> __________`$$$$$$$$$$$$$$$$$$$$$$$$$$$´_
>>>> ____________`$$$$$$$$$$$$$$$$$$$$$$$$´_
>>>> _______________`$$$$$$$$$$$$$$$$$$$$´_
>>>>
>>>> ~~( ŊëŌ )~~
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>>
>>>
>>
>>
>> --
>> --
>> ________´$$$$`_____________________________,,,_
>> _______´$$$$$$$`_________________________´$$$`
>> ________`$$$$$$$`______,,________,,_______´$$$$´
>> _________`$$$$$$$`____´$$`_____´$$`____´$$$$$´
>> __________`$$$$$$$`_´$$$$$`_´$$$$$`__´$$$$$$$´
>> ___________`$$$$$$$_$$$$$$$_$$$$$$$_´$$$$$$$´_
>> ____________`$$$$$$_$$$$$$$_$$$$$$$`´$$$$$$´_
>> ___,,,,,,______`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$´_
>> _´$$$$$`____`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$´_
>> ´$$$$$$$$$`´$$$$$$$_$$$$$$$_$$$$$$$_$$$$$´_
>> ´$$$$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$$_$$$$$´_
>> ___`$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$_$$$$$$´_
>> ______`$$$$$$$$$$$$$_$$$$$__$$_$$$$$$_$$´_
>> _______`$$$$$$$$$$$$,___,$$$$,_____,$$$$$´_
>> _________`$$$$$$$$$$$$$$$$$$$$$$$$$$$$$´_
>> __________`$$$$$$$$$$$$$$$$$$$$$$$$$$$´_
>> ____________`$$$$$$$$$$$$$$$$$$$$$$$$´_
>> _______________`$$$$$$$$$$$$$$$$$$$$´_
>>
>> ~~( ŊëŌ )~~
>>
>
>


-- 
-- 
________´$$$$`_____________________________,,,_
_______´$$$$$$$`_________________________´$$$`
________`$$$$$$$`______,,________,,_______´$$$$´
_________`$$$$$$$`____´$$`_____´$$`____´$$$$$´
__________`$$$$$$$`_´$$$$$`_´$$$$$`__´$$$$$$$´
___________`$$$$$$$_$$$$$$$_$$$$$$$_´$$$$$$$´_
____________`$$$$$$_$$$$$$$_$$$$$$$`´$$$$$$´_
___,,,,,,______`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$´_
_´$$$$$`____`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$´_
´$$$$$$$$$`´$$$$$$$_$$$$$$$_$$$$$$$_$$$$$´_
´$$$$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$$_$$$$$´_
___`$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$_$$$$$$´_
______`$$$$$$$$$$$$$_$$$$$__$$_$$$$$$_$$´_
_______`$$$$$$$$$$$$,___,$$$$,_____,$$$$$´_
_________`$$$$$$$$$$$$$$$$$$$$$$$$$$$$$´_
__________`$$$$$$$$$$$$$$$$$$$$$$$$$$$´_
____________`$$$$$$$$$$$$$$$$$$$$$$$$´_
_______________`$$$$$$$$$$$$$$$$$$$$´_

~~( ŊëŌ )~~
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list