[c-nsp] ip tcp adjust-mss

Octavio Alvarez alvarezp at alvarezp.ods.org
Tue Nov 5 00:09:26 EST 2013


It could be anywhere.

I remember seeing buggy devices that didn't dynamically adapt to
intermediate TCP MSS modifications. We had to analyze the TCP headers on
the streams to find this out. It was a reflected symptom.

I've also seen it on DSL links that didn't had "ip tcp adjust-mss 1452"
in place.



On 11/04/2013 08:09 PM, Methsri Wickramarathna wrote:
> Thanks Blake & Tony,
> 
> Is this issue with My end core router , destination end device or
> intermediate device ???
> 
> Is there any way I can find this ???
> 
> 
> 
> On Tue, Nov 5, 2013 at 7:22 AM, Blake Dunlap <ikiris at gmail.com> wrote:
> 
>> Yes. Don't do that.
>>
>>
>> On Mon, Nov 4, 2013 at 6:59 PM, Methsri Wickramarathna <
>> mmethw2003 at gmail.com> wrote:
>>
>>> Thanks Tony , John and Juergan...
>>>
>>> This has been issue for many sites mainly towards yahoo.com. Can any one
>>> explain why this is happening for particular IPs in a subnet ???
>>> We are using access list inbound & Outbound to prevent ICMPs cumming
>>> inside
>>> to our network, will it be creating this problem ????
>>>
>>>
>>> On Tue, Nov 5, 2013 at 3:23 AM, <cnsp at marenda.net> wrote:
>>>
>>>> Hi, this looks like a CPE-device
>>>> With static IP-adresses and routing.
>>>>
>>>> You may really want to set "ip tcp adjust-mss 1280"
>>>> on _both_ your WAN and your (probably natted) LAN (L3) Interfaces.
>>>> (_both_ sides, yes !)
>>>>
>>>> This will help you in most cases with
>>>> MTU restrictions on
>>>> - your link
>>>> - home-"web"servers behind Broadband links
>>>> etc.
>>>>
>>>> Yes, the value is not optimized but very computerish ( 2**10 + 2**8 ),
>>>> but it is good for
>>>> - pppoe (1500-8=1492)
>>>> - l2tp forwarded dial-in sessions (l2tp overhead+pppoe leads to 1456)
>>>> - even with an additional vlan tag ( so MTU will be 1452 found in most
>>>> literature)
>>>> - some other tunneled environments
>>>>
>>>> Iff you are an ISP,
>>>> you will configure this _only_ on the virtual-template interfaces
>>>> on your LNSes for broadband-termination .
>>>>
>>>> Keep it out of your core,
>>>> You will not want to modify your valued customer's ip packets
>>>> in your core network; here you want to use a MTU greater than 1500
>>>> while on your BGP up/downstreams will stay at Ethernet-default 1500 .
>>>>
>>>> Sorry, very conservative, but will avoid may problems.
>>>>
>>>> Just my 0.01 $ on this
>>>>
>>>> Juergen.
>>>>
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] Im Auftrag
>>>>> von Methsri Wickramarathna
>>>>> Gesendet: lundi 4 novembre 2013 17:55
>>>>> An: Pete Lumbis
>>>>> Cc: cisco-nsp at puck.nether.net
>>>>> Betreff: Re: [c-nsp] ip tcp adjust-mss
>>>>>
>>>>> Thanks Pete,
>>>>>
>>>>> If not a problem can any one look in to following mturoute taken ???
>>> :)
>>>>>
>>>>> E:\>mturoute -t www.ubnt.com
>>>>> mturoute to www.ubnt.com, 30 hops max, variable sized packets
>>>>> * ICMP Fragmentation is not permitted. *
>>>>> * Speed optimization is enabled. *
>>>>> * Maximum payload is 10000 bytes. *
>>>>>  1  +-  host: 116.12.78.1  max: 1500 bytes
>>>> [...]
>>>>
>>>>
>>>
>>>
>>> --
>>> --
>>> ________´$$$$`_____________________________,,,_
>>> _______´$$$$$$$`_________________________´$$$`
>>> ________`$$$$$$$`______,,________,,_______´$$$$´
>>> _________`$$$$$$$`____´$$`_____´$$`____´$$$$$´
>>> __________`$$$$$$$`_´$$$$$`_´$$$$$`__´$$$$$$$´
>>> ___________`$$$$$$$_$$$$$$$_$$$$$$$_´$$$$$$$´_
>>> ____________`$$$$$$_$$$$$$$_$$$$$$$`´$$$$$$´_
>>> ___,,,,,,______`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$´_
>>> _´$$$$$`____`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$´_
>>> ´$$$$$$$$$`´$$$$$$$_$$$$$$$_$$$$$$$_$$$$$´_
>>> ´$$$$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$$_$$$$$´_
>>> ___`$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$_$$$$$$´_
>>> ______`$$$$$$$$$$$$$_$$$$$__$$_$$$$$$_$$´_
>>> _______`$$$$$$$$$$$$,___,$$$$,_____,$$$$$´_
>>> _________`$$$$$$$$$$$$$$$$$$$$$$$$$$$$$´_
>>> __________`$$$$$$$$$$$$$$$$$$$$$$$$$$$´_
>>> ____________`$$$$$$$$$$$$$$$$$$$$$$$$´_
>>> _______________`$$$$$$$$$$$$$$$$$$$$´_
>>>
>>> ~~( ŊëŌ )~~
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>>
> 
> 



More information about the cisco-nsp mailing list