This (not so very) short video explains what TCP MSS clamping is and why we’re almost forced to use it on xDSL (PPPoE) and tunnel interfaces (TL&DR summary: because Internet-wide Path MTU Discovery rarely works).
More details
- Path MTU discovery was first defined in RFC 1191 (yeah, it’s THAT old and still doesn’t work well);
- You’ll find more PMTUD and fragmentation hands-on details in my Never-Ending Story of IP Fragmentation article or in PacketLife’s Path MTU Discovery blog post;
- Packetization Layer Path MTU Discovery (RFC 4821) is an alternate approach that does not rely on ICMP replies;
- Discovering Path MTU black holes presentation from RIPE65 (video).
Some configuration tips
- TCP MSS clamping can be configured on end hosts or on some routers (on Cisco IOS, use the ip tcp adjust-mss interface configuration command).
- The ip tcp adjust-mss functionality on Cisco IOS is bidirectional: the MSS option is adjusted in both inbound and outbound TCP SYN packets traversing the interface on which ip tcp adjust-mss is configured.
- You should configure ip tcp adjust-mss on interfaces with low MTUs. The MSS value configured on an interface should match the MTU value of the same interface minus 40 bytes (a 20-byte IPv4 header plus a 20-byte TCP header, both without options).
- Configuration examples where ip tcp adjust-mss is configured on an Ethernet interface have interesting side effects if the router has more than two interfaces.
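
The rewrite that MSS clamping performs on a TCP SYN, as an added Python example (not code from the original post and not Cisco's implementation): it lowers the MSS option to the interface MTU minus 40 bytes and patches the TCP checksum incrementally per RFC 1624. The sample SYN, the addresses and all function names are constructed for illustration.

```python
import struct

IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])  # constructed addresses

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_sum(src: bytes, dst: bytes, seg: bytes) -> int:
    """Sum over IPv4 pseudo-header + segment; 0xFFFF means the checksum verifies."""
    return ones_sum(src + dst + struct.pack("!BBH", 0, 6, len(seg)) + seg)

def make_syn(mss: int, nop_first: bool = False) -> bytes:
    """Constructed sample SYN; ports and sequence number are made up."""
    opts = struct.pack("!BBH", 2, 4, mss)
    opts = b"\x01" + opts + b"\x01" * 3 if nop_first else opts
    hdr = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0,
                      (20 + len(opts)) // 4 << 4, 0x02, 65535, 0, 0)
    csum = ~pseudo_sum(SRC, DST, hdr + opts) & 0xFFFF
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + opts

def clamp_mss(seg: bytes, interface_mtu: int) -> bytes:
    """Lower (never raise) the MSS option of a SYN to interface_mtu - 40."""
    limit = interface_mtu - IPV4_TCP_OVERHEAD
    hlen = (seg[12] >> 4) * 4 if len(seg) >= 20 else 0
    if not 20 <= hlen <= len(seg) or not seg[13] & 0x02:
        return seg                                # only SYN segments carry MSS
    i = 20
    while i + 1 < hlen and seg[i] != 0:           # kind 0 = End of Option List
        kind, length = seg[i], (1 if seg[i] == 1 else seg[i + 1])  # NOP is 1 byte
        if (kind != 1 and length < 2) or i + length > hlen:
            break                                 # malformed: leave untouched
        if kind == 2 and length == 4:
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= limit:
                break
            out = bytearray(seg)
            struct.pack_into("!H", out, i + 2, limit)
            a, b = (i + 2) & ~1, (i + 5) & ~1     # aligned words for RFC 1624 update
            acc = ones_sum(bytes(x ^ 0xFF for x in seg[16:18] + seg[a:b]) + bytes(out[a:b]))
            struct.pack_into("!H", out, 16, ~acc & 0xFFFF)
            return bytes(out)
        i += length
    return seg
```

With a PPPoE MTU of 1492, `clamp_mss(make_syn(1460), 1492)` rewrites the advertised MSS to 1452 and the segment still passes checksum verification; a SYN that already advertises a smaller MSS is returned unchanged.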


And don't forget about clamping IPv6 as well...
(like my $ISP does)
How did you guess the topic of the follow-up post ;)
Great video, thanks a lot. I'm glad to know now that adjust-mss is now done in hardware - and it's called MSS Clamping.
I've never used 'in fast path' as alternative to hardware based forwarding but I like it (can't wait to use it in a team meeting).
'Fast path' might not be equivalent to hardware-based forwarding (depends on the platform). Also, did I really say adjust-mss is done in hardware?
Sorry, typo - I meant 'not' done in hardware
MSS = MTU - 40 bytes assuming no IP options are used afair?
For PPPoE the common setting is ip tcp adjust-mss 1452.
Can someone give me a hint to negotiate a PPPoE MTU of >1492 on Cisco IOS? Looks kind of hard to make a Cisco Router ignore the RFC standard MTU...
I heard some telcos use PPPoE MTU of 1500 (on an Ethernet link of >1510) instead of 1492 to work around the MSS clamping...
Have you tried "mtu 1500" and "ip mtu 1500" on Dialer/VirtualAccess interface? Of course it has to match on both ends. You might also need "ppp mtu adaptive".