TCP MSS adjustment
Overview
This feature adds support for adjustment of MSS of TCP packets with SYN flag according to access/aggregation network to prevent fragmentation of upstream and downstream TCP packets using ISA-BB.
There are two modes of adjustment operations supported: TCP MSS Adjustment filter on VPRN SAP interfaces and TCP MSS Adjustment for NAT Services.
TCP MSS adjustment filter on VPRN SAP interfaces
The 7705 SAR Gen 2 supports a configurable filter that adjusts the maximum segment size (MSS) of TCP packets marked with a SYN flag that traverse VPRN SAP interfaces. The MSS adjustment filter prevents upstream and downstream TCP packets from being fragmented.
MSS adjustment is performed by the virtualized integrated BB ISA MDA when an IP filter is enabled with the action tcp-mss-adjust command. The filter can be applied on a VPRN SAP interface in the ingress direction, egress direction, or both directions. Both IPv4 and IPv6 filters are supported. For information about the virtualized BB ISA MDA, see the 7705 SAR Gen 2 Interface Configuration Guide, "Chassis IOM and MDAs".
Perform the following steps to configure a TCP MSS adjustment filter on a VPRN SAP interface:
-
Create a NAT group that will be used for MSS adjustment.
The following output is an example of the creation of a NAT group on the virtualized integrated BB ISA MDA in slot 1/6.
config card 1 mda 6 mda-type isa-bb-v no shutdown exit no shutdown exitconfigure isa nat-group 1 create active-mda-limit 1 mda 1/6 no shutdown exit -
Associate the NAT group with a routing instance and configure the MSS value as shown in
the following example.
config service vprn services-id mss-adjust-group 1 segment-size 1352 -
Create ingress or egress IP filters that perform TCP MSS adjustment.
The following example shows the configuration of IPv4 filters and IPv6 filters that perform TCP MSS adjustment at ingress and egress.
configure filter ip-filter 1 name "1" create default-action forward description "Ingress" entry 1 create match protocol tcp tcp-syn true exit action tcp-mss-adjust exit exit exit ip-filter 2 name "2" create default-action forward description "Egress" entry 1 create match protocol tcp tcp-syn true exit action tcp-mss-adjust exit egress-pbr default-load-balancing exit exit ipv6-filter 1 name "3" create default-action forward description "Ingress" entry 1 create match next-header tcp tcp-syn true exit action tcp-mss-adjust exit exit exit ipv6-filter 2 name "4" create default-action forward description "Egress" entry 1 create match next-header tcp tcp-syn true exit action tcp-mss-adjust exit egress-pbr default-load-balancing exit exit exit -
Apply the filters that perform TCP MSS adjustment to the VPRN SAP interface. The
filters can be applied in the ingress direction, egress direction, or both directions. In
the following example, the filters are applied in both the ingress and egress
directions.
config service vprn service-id interface "int1_vprn1" create address 10.10.1.1/24 sap 1/2/3 create ingress filter ip 1 exit egress filter ip 2 exit exit exit exit vprn service-id2 interface "int1_vprn2" create ipv6 address 10:1::1/32 neighbor 10:1::2 00:02:01:00:00:01 exit sap 1/2/3:1 create ingress filter ipv6 3 exit egress filter ipv6 4 exit exit exit exit
TCP MSS adjustment for NAT services
This feature provides MSS adjustment for TCP packets to be translated by NAT services.
-
Create a NAT group used for NAT services with MSS adjustment.
MD-CLI
[ex:/configure isa] A:admin@node-2# info nat-group 1 { redundancy { active-mda-limit 2 } mda 1/2 { } mda 1/2 { } }classic CLIA:node-2>config>isa# info ---------------------------------------------- nat-group 1 create shutdown active-mda-limit 1 mda 1/1 mda 1/2 exit ---------------------------------------------- -
Create a NAT policy that also adjusts MSS.
MD-CLI
[ex:/configure service nat] A:admin@node-2# info ... nat-policy "policy-for-mss-adjust" { tcp { mss-adjust 1452 } }classic CLIA:node-2>config>service>nat# info ---------------------------------------------- nat-policy "policy-for-mss-adjust" create tcp-mss-adjust 1452 exit