Supported platforms

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

TCP MSS clamping with Vyatta

When you configure clamping with Vyatta, the system will perform it on TCP MSS SYN and SYN-ACK packets that enter and leave the interface.

Note: The TCP MSS option is not an obligatory part of the TCP packets. Vyatta can adjust the TCP MSS option value only if the MSS option is present in the packet However, most TCP devices do include the MSS option.


You can configure Vyatta to apply clamping as follows:

  • Per interface
  • Independently for IPv4 and IPv6


Vyatta supports the following options:

MTU Maximum MSS
Based on the interface MTU (MTU less default IP and TCP header sizes).
  • Example: If the interface MTU was 1500, MSS is clamped to 1460.
  • Command: ip tcp-mss mtu
  • Recommended usage: If there is no additional encapsulation on a packet's path, use this option.
MTU Minus
Based on the interface MTU (MTU less default IP and TCP header sizes, and with an additional value subtracted.
  • Example: If the MTU was 1500, MSS is clamped to 1436.
  • Command: ip tcp-mss mtu-minus 24
  • Recommended usage: If PPPoE is used, use this option. PPPoE requires an additional 8 bytes and truncates the Ethernet MTU to 1492 (1500 - 8). PPPoE is often used with an Asymmetric digital subscriber line (ADSL).
Specific Value
You configure a specific value.
  • Example: MSS clamped to 1436.
  • Command: ip tcp-mss limit 1436

Supported interfaces

Vyatta supports TCP MSS clamping for a range of interface types:

  • Dataplane (with and without vif)
  • Bridge
  • L2tpeth (with and without vif)
  • Openvpn
  • Tunnel
  • Vti
  • Bonding (with and without vif)
  • S2s-fp (only supports clamping to a specific value)

Encapsulation overhead

The amount of protocol overhead varies based on the encapsulation type.

  • GRE adds 24 bytes (20 byte IPv4, 4 byte GRE)
  • 6in4 encapsulation adds 20 bytes
  • 4in6 encapsulation adds 20 bytes
  • MPLS adds 4 bytes for each label in the stack
  • 802.1Q adds 4 bytes (Q-in-Q would add 8 bytes)
  • VXLAN adds 50 bytes
  • PPPoE adds 8 bytes