TCP MSS clamping with Vyatta
When you configure clamping with Vyatta, the system will perform it on TCP MSS SYN and SYN-ACK packets that enter and leave the interface.
Application
You can configure Vyatta to apply clamping as follows:
- Per interface
- Independently for IPv4 and IPv6
Options
Vyatta supports the following options:
- MTU Maximum MSS
- Based on the interface MTU (MTU less default IP and TCP header sizes).
- Example: If the interface MTU was 1500, MSS is clamped to 1460.
- Command:
ip tcp-mss mtu
- Recommended usage: If there is no additional encapsulation on a packet's path, use this option.
- MTU Minus
- Based on the interface MTU (MTU less default IP and TCP header sizes, and with an additional value subtracted.
- Example: If the MTU was 1500, MSS is clamped to 1436.
- Command:
ip tcp-mss mtu-minus 24
- Recommended usage: If PPPoE is used, use this option. PPPoE requires an additional 8 bytes and truncates the Ethernet MTU to 1492 (1500 - 8). PPPoE is often used with an Asymmetric digital subscriber line (ADSL).
- Specific Value
- You configure a specific value.
- Example: MSS clamped to 1436.
- Command:
ip tcp-mss limit 1436
Supported interfaces
Vyatta supports TCP MSS clamping for a range of interface types:
- Dataplane (with and without vif)
- Bridge
- L2tpeth (with and without vif)
- Openvpn
- Tunnel
- Vti
- Bonding (with and without vif)
- S2s-fp (only supports clamping to a specific value)
Encapsulation overhead
The amount of protocol overhead varies based on the encapsulation type.
- GRE adds 24 bytes (20 byte IPv4, 4 byte GRE)
- 6in4 encapsulation adds 20 bytes
- 4in6 encapsulation adds 20 bytes
- MPLS adds 4 bytes for each label in the stack
- 802.1Q adds 4 bytes (Q-in-Q would add 8 bytes)
- VXLAN adds 50 bytes
- PPPoE adds 8 bytes