TCP MSS clamping with Vyatta
When you configure clamping with Vyatta, the system will perform it on TCP MSS SYN and SYN-ACK packets that enter and leave the interface.
Note: The TCP MSS option is not an obligatory part of the TCP packets. Vyatta can adjust the TCP MSS option value only if the MSS option is present in the packet However, most TCP devices do include the MSS option.
Application
You can configure Vyatta to apply clamping as follows:
- Per interface
- Independently for IPv4 and IPv6
Options
Vyatta supports the following options:
- MTU Maximum MSS
- Based on the interface MTU (MTU less default IP and TCP header sizes).
- Example: If the interface MTU was 1500, MSS is clamped to 1460.
- Command:
ip tcp-mss mtu - Recommended usage: If there is no additional encapsulation on a packet's path, use this option.
- MTU Minus
- Based on the interface MTU (MTU less default IP and TCP header sizes, and with an additional value subtracted.
- Example: If the MTU was 1500, MSS is clamped to 1436.
- Command:
ip tcp-mss mtu-minus 24 - Recommended usage: If PPPoE is used, use this option. PPPoE requires an additional 8 bytes and truncates the Ethernet MTU to 1492 (1500 - 8). PPPoE is often used with an Asymmetric digital subscriber line (ADSL).
- Specific Value
- You configure a specific value.
- Example: MSS clamped to 1436.
- Command:
ip tcp-mss limit 1436
Supported interfaces
Vyatta supports TCP MSS clamping for a range of interface types:
- Dataplane (with and without vif)
- Bridge
- L2tpeth (with and without vif)
- Openvpn
- Tunnel
- Vti
- Bonding (with and without vif)
- S2s-fp (only supports clamping to a specific value)
Encapsulation overhead
The amount of protocol overhead varies based on the encapsulation type.
- GRE adds 24 bytes (20 byte IPv4, 4 byte GRE)
- 6in4 encapsulation adds 20 bytes
- 4in6 encapsulation adds 20 bytes
- MPLS adds 4 bytes for each label in the stack
- 802.1Q adds 4 bytes (Q-in-Q would add 8 bytes)
- VXLAN adds 50 bytes
- PPPoE adds 8 bytes