[j-nsp] Does EX4200 support changing TCP-MSS on transit packets?
Dale Shaw
dale.shaw+j-nsp at gmail.com
Mon Feb 24 22:41:09 EST 2014
Hi Mark, all,
On Mon, Feb 24, 2014 at 11:37 PM, Mark Tinka <mark.tinka at seacom.mu> wrote:
>
> On Monday, February 24, 2014 02:18:35 PM Saku Ytti wrote:
>
> > I think you're mixing system level setting and interface
> > level setting. When configured in interface it indeed
> > mangles transit packets. When in system level it affects
> > local when interface it affects transit. IIRC JunOS does
> > not support interface-level 'stateless' mangling, but
> > will only do it in FW via flows.
>
> Yes, that's what I meant - a la Cisco's "ip tcp adjust-mss",
> which is, as you say, normally used fix-up weird MTU
> problems that are native to tunnels.
>
> I haven't heard of Junos having this on interfaces. But yes,
> agree Trio should be able to. Possibly worth someone
> submitting and ER for this.
It's possible to manipulate TCP MSS on M/MX with a services card.
e.g.
[MX] How to modify the TCP MSS on the CE facing interface
http://kb.juniper.net/InfoCenter/index?page=content&id=KB24352
On SRX (branch), it's much like "ip tcp adust-mss" (set under '[edit
security flow]') but it's a global setting and AFAIK the adjustment takes
place only on SYNs and only on *ingress* - fine for all native IP
interfaces but not as useful when traffic is landing on an interface
encapsulated/labeled.
OP: There is no such knob on EX-series to the best of my knowledge.
cheers,
Dale
More information about the juniper-nsp
mailing list