01-13-2016 12:39 AM
Hi All,
Do we have a equivalent command in nx-os (7000 series) for ip tcp adjust-mss or an alternate way?
Please advice.
Thanks in advance,
Nagasheshu.
03-01-2016 01:42 PM
Hi Nagasheshu,
Unfortunately there is no equivalent command to adjust the maximum segment size in NX-OS. I can think of two possible "workarounds":
1) Use IPSEC, GRE, or both. This would allow you to specify the segments on the tunnel. See the below link for further clarity:
http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html#t15
2) Use an ACL that would drop packets greater than a certain size. While this would not adjust automatically, it would set an MSS. For example:
ip access-list extended drop-large-packets
statistics per-entry
deny ip any any packet-length gt 1600
permit ip any any
interface Ethernet1/1
mtu 1600
ip access-group drop-large-packets in
ip address 10.10.10.1/30
no shutdown
This would send an ICMP unreachable to the host.
Use of the "ip tcp adjust-mss" command punts all TCP SYN packets to the CPU and it is software switched. Another recommendation could be to use a large enough MTU across the path that can support whatever application needs you might have while still allowing the system to handle normal TCP processes.
Hopefully this helps. Please let me know if I can be of any further assistance.
Thanks!
-Russ
03-04-2016 08:14 AM
Thank you Russ!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide