TCP MSS adjustment filter on VPRN SAP interfaces
The 7705 SAR-Hm series of routers support a configurable filter that adjusts the maximum segment size (MSS) of TCP packets marked with a SYN flag that traverse VPRN SAP interfaces. The MSS adjustment filter prevents upstream and downstream TCP packets from being fragmented.
MSS adjustment is performed by the virtualized integrated BB ISA MDA when an IP filter is enabled with the action tcp-mss-adjust command. The filter can be applied on a VPRN SAP interface in the ingress direction, egress direction, or both directions. Both IPv4 and IPv6 filters are supported. For information about the virtualized BB ISA MDA, see "Chassis IOM and MDAs" in the 7705 SAR-Hm Interface Configuration Guide.
To configure a TCP MSS adjustment filter on a VPRN SAP interface:
Create a NAT group that will be used for MSS adjustment.
The following CLI output is an example of the creation of a NAT group on the virtualized integrated BB ISA MDA in slot 1/6.
    config
        card 1
            mda 6
                mda-type isa-bb-v
                no shutdown
            exit
            no shutdown
        exit

    configure
        isa
            nat-group 1 create
                active-mda-limit 1
                mda 1/6
                no shutdown
            exit
Associate the NAT group with a routing instance and configure the MSS value as shown in the following example.
    config
        service
            vprn services-id
                mss-adjust-group 1 segment-size 1352
Create ingress or egress IP filters that perform TCP MSS adjustment.
The following example shows the configuration of IPv4 filters and IPv6 filters that perform TCP MSS adjustment at ingress and egress.
    configure
        filter
            ip-filter 1 name "1" create
                default-action forward
                description "Ingress"
                entry 1 create
                    match protocol tcp
                        tcp-syn true
                    exit
                    action
                        tcp-mss-adjust
                    exit
                exit
            exit
            ip-filter 2 name "2" create
                default-action forward
                description "Egress"
                entry 1 create
                    match protocol tcp
                        tcp-syn true
                    exit
                    action
                        tcp-mss-adjust
                    exit
                    egress-pbr default-load-balancing
                exit
            exit
            ipv6-filter 1 name "3" create
                default-action forward
                description "Ingress"
                entry 1 create
                    match next-header tcp
                        tcp-syn true
                    exit
                    action
                        tcp-mss-adjust
                    exit
                exit
            exit
            ipv6-filter 2 name "4" create
                default-action forward
                description "Egress"
                entry 1 create
                    match next-header tcp
                        tcp-syn true
                    exit
                    action
                        tcp-mss-adjust
                    exit
                    egress-pbr default-load-balancing
                exit
            exit
        exit
Apply the filters that perform TCP MSS adjustment to the VPRN SAP interface. The filters can be applied in the ingress direction, egress direction, or both directions. In the following example, the filters are applied in both the ingress and egress directions.
    config
        service
            vprn service-id
                interface "int1_vprn1" create
                    address 10.10.1.1/24
                    sap 1/2/3 create
                        ingress
                            filter ip 1
                        exit
                        egress
                            filter ip 2
                        exit
                    exit
                exit
            exit
            vprn service-id2
                interface "int1_vprn2" create
                    ipv6
                        address 10:1::1/32
                        neighbor 10:1::2 00:02:01:00:00:01
                    exit
                    sap 1/2/3:1 create
                        ingress
                            filter ipv6 3
                        exit
                        egress
                            filter ipv6 4
                        exit
                    exit
                exit
            exit
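
The effect of the filters configured above on a matching packet can be reproduced offline to check a capture taken on either side of the SAP. The following Python sketch is an added illustration, not Nokia code and not part of the original guide: it rewrites the MSS option of a TCP SYN segment to the configured segment-size (1352) and fixes the checksum incrementally per RFC 1624. It assumes the common clamping behaviour of only lowering a larger MSS; the function names and the sample packet are constructed for the example.

```python
import struct

SEGMENT_SIZE = 1352  # segment-size from the mss-adjust-group example above

def ones_sum(data: bytes) -> int:
    """Folded 16-bit ones' complement sum, as used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def clamp_mss(tcp: bytes, limit: int = SEGMENT_SIZE) -> bytes:
    """Lower the MSS option of a SYN segment to `limit`; return others unchanged."""
    if len(tcp) < 20 or not tcp[13] & 0x02:       # same idea as 'tcp-syn true'
        return tcp
    end = min((tcp[12] >> 4) * 4, len(tcp))       # end of the options area
    i = 20
    while i + 1 < end:
        kind, length = tcp[i], tcp[i + 1]
        if kind == 1:                             # NOP is a single byte
            i += 1
            continue
        if kind == 0 or length < 2 or i + length > end:
            break                                 # End of Option List or malformed
        if kind == 2 and length == 4:             # MSS option
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= limit:
                return tcp                        # assumption: never raise the MSS
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            # RFC 1624 incremental update; byte-swap if the field is odd-aligned
            o, n = (old, limit) if i % 2 == 0 else (
                (old >> 8 | old << 8) & 0xFFFF, (limit >> 8 | limit << 8) & 0xFFFF)
            csum = struct.unpack_from("!H", tcp, 16)[0]
            new = ~ones_sum(struct.pack("!3H", ~csum & 0xFFFF, ~o & 0xFFFF, n)) & 0xFFFF
            struct.pack_into("!H", out, 16, new)
            return bytes(out)
        i += length
    return tcp

def sample_syn(mss: int = 1460) -> bytes:
    """Constructed IPv4 SYN (10.10.1.2 -> 10.10.1.1) with a valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, 0x02, 64240, 0, 0)
    seg = hdr + struct.pack("!BBH", 2, 4, mss)
    pseudo = bytes([10, 10, 1, 2, 10, 10, 1, 1, 0, 6]) + struct.pack("!H", len(seg))
    return seg[:16] + struct.pack("!H", ~ones_sum(pseudo + seg) & 0xFFFF) + seg[18:]
```

In a capture, a SYN that still advertises an MSS above 1352 after crossing the SAP indicates that the filter is not applied in that direction or that the entry did not match.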