TCP MSS adjustment
Overview
This feature adds support for adjustment of MSS of TCP packets with SYN flag according to access/aggregation network to prevent fragmentation of upstream and downstream TCP packets using ISA-BB.
There are two modes of adjustment operations supported: TCP MSS Adjustment for ESM Hosts, and TCP MSS Adjustment for NAT Services.
For TCP MSS adjust using ISA2-AA, see section AQP for the AQP rules.
TCP MSS adjustment for ESM hosts
This feature adds support for adjustment of the MSS size of TCP packets with SYN flag according to the access/aggregation network to prevent fragmentation of upstream and downstream TCP packets using ISA-BB diverted by IPv4/IPv6 filter actions.
-
IPv4 and IPv6 IPoE hosts
-
locally terminated PPPoE hosts (without L2TP LAC)
-
L2TP LNS hosts
The configuration steps are as follows:
-
Create a NAT group used for an MSS adjustment.
MD-CLI
[ex:/configure isa] A:admin@node-2# info nat-group 1 { redundancy { active-mda-limit 1 } mda 1/2 { } mda 1/2 { } }classic CLIA:node-2>config>isa# info ---------------------------------------------- nat-group 1 create shutdown active-mda-limit 1 mda 1/1 mda 1/2 exit ---------------------------------------------- -
Associate the NAT group with a routing instance or VPRN instance, and configure
the MSS value.
Note: Unless there are dedicated ISAs or ESAs for MSS adjustment, an existing NAT group or WLAN-GW group can be referenced. If multiple NAT or WLAN-GW groups reference the same ISA or ESA, the NAT or WLAN-GW groups become inactive. MSS adjustment does not function correctly if it references an inactive NAT or WLAN-GW group.MD-CLI
[ex:/configure router "Base"] A:admin@node-2# info mss-adjust { nat-group 1 segment-size 1452 } [ex:/configure service vprn "1"] A:admin@node-2# info customer "1" mss-adjust { nat-group 1 segment-size 1452 }classic CLIA:node-2>config>router# info ---------------------------------------------- #-------------------------------------------------- echo "IP Configuration" #-------------------------------------------------- ... mss-adjust-group 1 segment-size 1452 ---------------------------------------------- A:node-2>config>service>vprn$ info ---------------------------------------------- no shutdown mss-adjust-group 1 segment-size 1452 ---------------------------------------------- -
Create an IPv4 or IPv6 filter to perform an MSS adjust.
MD-CLI
[ex:/configure filter ip-filter "1"] A:admin@node-2# info entry 1 { egress-pbr true match { protocol tcp tcp-flags { syn true } } action { tcp-mss-adjust } } [ex:/configure filter ipv6-filter "1"] A:admin@node-2# info entry 1 { match { next-header tcp tcp-flags { syn true } } action { tcp-mss-adjust } }classic CLIA:node-2>config>filter>ip-filter# info ---------------------------------------------- entry 1 create match protocol tcp tcp-syn true exit action tcp-mss-adjust exit egress-pbr default-load-balancing exit ---------------------------------------------- A:node-2>config>filter>ipv6-filter# info ---------------------------------------------- entry 1 create match next-header tcp tcp-syn true exit action tcp-mss-adjust exit exit ---------------------------------------------- - Apply an IPv4/IPv6 filter to the SLA profile.
TCP MSS adjustment for NAT services
This feature provides MSS adjustment for TCP packets to be translated by NAT services.
-
Create a NAT group used for NAT services with MSS adjustment.
MD-CLI
[ex:/configure isa] A:admin@node-2# info nat-group 1 { redundancy { active-mda-limit 2 } mda 1/2 { } mda 1/2 { } }classic CLIA:node-2>config>isa# info ---------------------------------------------- nat-group 1 create shutdown active-mda-limit 1 mda 1/1 mda 1/2 exit ---------------------------------------------- -
Create a NAT policy that also adjusts MSS.
MD-CLI
[ex:/configure service nat] A:admin@node-2# info ... nat-policy "policy-for-mss-adjust" { tcp { mss-adjust 1452 } }classic CLIA:node-2>config>service>nat# info ---------------------------------------------- nat-policy "policy-for-mss-adjust" create tcp-mss-adjust 1452 exit ----------------------------------------------