04-04-2011 03:47 AM - edited 03-04-2019 11:58 AM
Hi everyone,
I have a 2811 Internet router with an ADSL uplink and there is a need to configure subinterfaces on the main FastEthernet interface, which points to the internal LAN and is connected to a layer 2 switch. So my question is where I have to configure the relevant "ip tcp adjust-mss 1452" command: on the main physical FastEthernet interface, on the logical subinterfaces, or both? I have not found any relevant Cisco documentation for this issue, but I believe that I should configure the command on all IP subinterfaces. Am I right?
Moreover, I am planning to segment the main FastEthernet with 3 subinterfaces because of the addition of another network device. So I will configure the first one as the native (with the VLAN used for the native trunks, IP unnumbered), the second with the VLAN pointing to my external firewalls, and the third one pointing to the new device, the VPN gateway. I am doing this because I want to isolate all the VPN traffic from the rest of the inbound Internet traffic. Do you believe that this is the right approach? Do you think that I might have a performance or security issue with such a design in the future?
Thank you in advance!
Warm Regards
04-04-2011 04:19 AM
Firstly - why 1452 ?
Secondly, I configure it directly on the interface where the MTU/MSS is having issues - in your case the ADSL interface.
HTH.
04-04-2011 05:33 AM
Hi,
1452 because PPPoE truncates the Ethernet maximum transmission unit (MTU) to 1492, and if you consider the IP header (20 bytes) and TCP header (20 bytes) then finally we have 1452.
http://www.cisco.com/en/US/docs/ios/12_2sb/12_2sba/feature/guide/sb_admss.pdf
In several Cisco configuration examples this command is entered on the LAN interface, so I am using it on the inside LAN interface.
04-04-2011 05:45 AM
I ask, as in the past when I have also been using NAT and virtual Assembly I have required a lower value for the MSS to be intercepted. I have seen that document and plenty of others - and I would suggest you do some testing before you take that number as the law.
JYTPW.
11-13-2013 07:16 AM
Anybody? Is this redundant, or not? If yes, which one is obsolete?
interface GigabitEthernet0/0
 no ip address
 ip tcp adjust-mss 1354
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 172.16.1.1 255.255.255.0
 ip tcp adjust-mss 1354
11-14-2013 05:55 AM
Hi,
Yes, it is redundant; the ip tcp adjust-mss only needs to be on the subinterface in this example, because it is a layer 3 interface. Where there are MTU issues there are MTU issues for all protocols.
This command only affects TCP traffic. If you monitor closely you will notice UDP traffic getting fragmented or dropped on occasion. Usually it is UDP port 88 Kerberos (MS Windows) or SNMP 161 when polling some devices that give large amounts of information in response. The MTU would be 40 bytes larger than the MSS you are using in this example, so "ip mtu 1394" would be used in the subinterface here to cover the larger UDP packets encountered.
Cheers,
Brian
11-13-2013 08:59 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
You can use the command anywhere along the path. Ideally, you apply it on an interface such that only the relevant traffic that needs the adjustment will be impacted.
Your external (PPPoE) facing interface is a good choice. Not sure whether it would work for you on just the physical interface. I would try it on your subinterfaces whose traffic will actually transit the PPPoE. On subinterfaces, I wouldn't expect you would need it on the physical interface and the subinterfaces too.
11-14-2013 07:44 AM
Hi,
I have a few questions regarding the ip tcp adjust-mss command:
1. Does this command rewrite MSS in SYN packet from client to server and in SYN/ACK packet from server to client?
2. Client/Server MSS need not be the same as mentioned below. Client and Server will not settle on the lower of the two MSS values [sent and received] is still valid, right?
3. The TCP Maximum Segment Size Option
TCP provides an option that may be used at the time a connection is established (only) to indicate the maximum size TCP segment that can be accepted on that connection. This Maximum Segment Size (MSS) announcement (often mistakenly called a negotiation) is sent from the data receiver to the data sender and says "I can accept TCP segments up to size X". The size (X) may be larger or smaller than the default. The MSS can be used completely independently in each direction of data flow. The result may be quite different maximum sizes in the two directions.
11-14-2013 10:06 AM
1. Does this command rewrite MSS in SYN packet from client to server and in SYN/ACK packet from server to client?
Oh, without looking it up, I forget exactly what it does. I do know it will affect TCP handshake in either direction.
2. Client/Server MSS need not be the same as mentioned below. Client and Server will not settle on the lower of the two MSS values [sent and received] is still valid, right?
Yes, but as I noted above, the command will examine and perhaps modify traffic in either direction. Only if one or both sides' sources were less than the adjustment would that handshake be ignored.
e.g.
host A has mss 1460
host B has mss 1260
you configure mss-adjust 1360
host A would be reset to 1360, host B would be left at 1260
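The host A / host B case above, worked through as an added example that is not part of any post in this thread and is not Cisco's code: a generic sketch of what an MSS-clamping device does to the MSS option of a SYN or SYN/ACK, including the checksum fix-up the rewrite requires. The addresses, ports and function names are constructed for illustration.

```python
import struct

def csum16(data):
    """Internet checksum: inverted one's-complement sum of 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def pseudo(src, dst, tcp):
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return src + dst + struct.pack("!BBH", 0, 6, len(tcp))

def build_syn(src, dst, mss):
    """Constructed sample: 24-byte SYN header, one MSS option, valid checksum."""
    hdr = struct.pack("!HHIIHHHH", 40000, 443, 1000, 0, (6 << 12) | 0x02, 65535, 0, 0)
    hdr += struct.pack("!BBH", 2, 4, mss)        # option kind 2 (MSS), length 4
    return hdr[:16] + struct.pack("!H", csum16(pseudo(src, dst, hdr) + hdr)) + hdr[18:]

def clamp_mss(tcp, limit):
    """Lower (never raise) a SYN's MSS option; returns (header, old_mss, new_mss)."""
    if len(tcp) < 20:
        return tcp, None, None
    off_flags, _win, old_ck = struct.unpack("!HHH", tcp[12:18])
    hdr_len = (off_flags >> 12) * 4
    if not off_flags & 0x02 or hdr_len < 20 or hdr_len > len(tcp):
        return tcp, None, None                   # not a SYN, or bad header length
    i = 20
    while i + 1 < hdr_len and tcp[i] != 0:       # kind 0 ends the option list
        if tcp[i] == 1:                          # kind 1 is a one-byte NOP
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:
            break                                # malformed option: leave untouched
        if tcp[i] == 2 and length == 4:
            old = struct.unpack("!H", tcp[i + 2:i + 4])[0]
            new = min(old, limit)
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            s = (~old_ck & 0xFFFF) + (~old & 0xFFFF) + new
            while s >> 16:
                s = (s & 0xFFFF) + (s >> 16)
            out = bytearray(tcp)
            out[i + 2:i + 4] = struct.pack("!H", new)
            out[16:18] = struct.pack("!H", ~s & 0xFFFF)
            return bytes(out), old, new
        i += length
    return tcp, None, None
```

Because each direction's SYN carries its own MSS option, the clamp is applied per segment: a value above the limit is lowered, a value at or below it passes through byte-for-byte.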