| date | tags | title | url | ||
|---|---|---|---|---|---|
2013-01-22 06:50:00 +0100 |
|
TCP MSS Clamping – What Is It and Why Do We Need It? |
/2013/01/tcp-mss-clamping-what-is-it-and-why-do/ |
This (not so very) short video explains what TCP MSS clamping is and why we're almost forced to use it on xDSL (PPPoE) and tunnel interfaces.
TL&DW summary: because Internet-wide Path MTU Discovery rarely works.
{{<video "https://www.ipspace.net/nuggets/podcast/X1%20TCP%20MSS%20Clamping.mp4">}}
- Path MTU discovery was first defined in RFC 1191 (yeah, it's THAT old and still doesn't work well);
- You'll find more PMTUD and fragmentation hands-on details in my Never-Ending Story of IP Fragmentation article;
- Packetization Layer Path MTU Discovery (RFC 4821) is an alternate approach that does not rely on ICMP replies;
- Discovering Path MTU black holes presentation from RIPE65 (video).
- TCP MSS clamping can be configured on end hosts or on some routers (on Cisco IOS, use ip tcp adjust-mss interface configuration command).
- The ip tcp adjust-mss functionality on Cisco IOS is bidirectional -- MSS option is adjusted in inbound and outbound TCP SYN packets traversing the interface on which ip tcp adjust-mss is configured.
- You should configure ip tcp adjust-mss on interfaces with low MTUs. In other words, MSS value configured on an interface should match MTU value of the same interface minus 40 bytes.
- Configuration examples where ip tcp adjust-mss is configured on Ethernet interface have interesting side effects if the router has more than two interfaces.