ip tcp adjust-mss 1452 for PPPoE connection

Discussion in 'Other Cisco Equipment' started by tuannd, Jul 14, 2008.

  1. tuannd

    tuannd Network Guru Member

    I just changed from a Linksys WRT54G router to a Cisco 877.

    For the Cisco 877 to work, I should include the command below on the inside LAN interface:

    ip tcp adjust-mss 1452

    Googling this command, I found that for a PPPoE connection we need to adjust the size of packets!

    Without this command, many of our PCs are unable to connect to the Internet!

    But before, with the Linksys router, all of our PCs could connect to the Internet fine.

    Please advise how Linksys and other low-end ADSL routers adjust it? When I looked into the Linksys NVRAM (I use a WRT54GL with Tomato and DD-WRT firmware), I couldn't see any kind of package adjustment for the LAN interface, such as MTU or MSS, when connecting over PPPoE.

    Thank you
    TuanND
     
  2. HennieM

    HennieM Network Guru Member

    Tomato has this iptables rule by default:
    Code:
    # iptables -L FORWARD -nv
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
    
    which means any packet that gets forwarded, gets its size trimmed to 1492.

    From the iptables man page:
    Code:
       TCPMSS
           This target allows to alter the MSS value of TCP SYN packets,  to  con-
           trol  the maximum size for that connection (usually limiting it to your
           outgoing interface's MTU minus 40).  Of course, it can only be used  in
           conjunction with -p tcp.
           This  target  is  used to overcome criminally braindead ISPs or servers
           which block ICMP Fragmentation Needed packets.  The  symptoms  of  this
           problem are that everything works fine from your Linux firewall/router,
           but machines behind it can never exchange large packets:
            1) Web browsers connect, then hang with no data received.
            2) Small mail works fine, but large emails hang.
            3) ssh works fine, but scp hangs after initial handshaking.
           Workaround: activate this option and add a rule to your  firewall  con-
           figuration like:
            iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
                        -j TCPMSS --clamp-mss-to-pmtu
    
           --set-mss value
                  Explicitly set MSS option to specified value.
    
           --clamp-mss-to-pmtu
                  Automatically clamp MSS value to (path_MTU - 40).
    
           These options are mutually exclusive.
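
What the TCPMSS rule quoted in the post above does to a forwarded SYN, as an added example (not code from the thread, Tomato or iptables): it applies the same match (SYN set, RST clear, MSS of 1453 or more) and rewrites the MSS option to 1452, patching the TCP checksum incrementally as in RFC 1624. The function names and the sample segment are constructed for illustration.

```python
import struct

def csum_update(csum: int, old: int, new: int) -> int:
    """RFC 1624 incremental update of a 16-bit ones' complement checksum."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp: bytes, limit: int = 1452) -> bytes:
    """Lower the MSS option of a TCP SYN to `limit`; return other segments unchanged."""
    if len(tcp) < 20 or tcp[13] & 0x06 != 0x02:   # 'tcp flags:0x06/0x02': SYN set, RST clear
        return tcp
    hdr_len = (tcp[12] >> 4) * 4                  # data offset, in bytes
    if hdr_len < 20 or hdr_len > len(tcp):
        return tcp                                # malformed header: leave untouched
    i = 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == 0:                             # End of Option List
            break
        if kind == 1:                             # NOP padding
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            break                                 # truncated or bogus option length
        if kind == 2 and tcp[i + 1] == 4:         # MSS option: kind 2, length 4
            mss = struct.unpack_from("!H", tcp, i + 2)[0]
            if mss <= limit:                      # 'tcpmss match 1453:65535' fails
                return tcp
            old, new = mss, limit
            if i % 2:                             # value straddles two checksum words
                old, new = (old >> 8 | old << 8) & 0xFFFF, (new >> 8 | new << 8) & 0xFFFF
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            csum = struct.unpack_from("!H", tcp, 16)[0]
            struct.pack_into("!H", out, 16, csum_update(csum, old, new))
            return bytes(out)
        i += tcp[i + 1]
    return tcp

def sample_syn(mss: int, flags: int = 0x02) -> bytes:
    """Constructed sample: 28-byte TCP header with MSS, NOP and window-scale options."""
    opts = struct.pack("!BBH", 2, 4, mss) + bytes([1, 3, 3, 7])
    return struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 7 << 4, flags, 65535, 0, 0) + opts

if __name__ == "__main__":
    before, after = sample_syn(1460), clamp_mss(sample_syn(1460))
    print(struct.unpack_from("!H", before, 22)[0], "->", struct.unpack_from("!H", after, 22)[0])
```

Only the four MSS option bytes and the checksum change; the IP pseudo-header is untouched, which is why the incremental checksum update is sufficient.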
     
  3. tuannd

    tuannd Network Guru Member

    So with MSS adjustment, does the router inform the PC and request it to reduce the package, or does it fragment the big package into small packages?

    If I set the MTU to 1492 directly on my PC (using the DRTCP.exe utility), would it help to reduce the load on my router or not?
     
  4. HennieM

    HennieM Network Guru Member

    If I understand it right, the router fragments to smaller packets. Reducing the MTU on your PC will probably reduce the load on the router, but you must set it to 1452, not 1492.

    The downside is that ALL packets from your PC, even those to other PCs and devices on your private network, will be reduced. This means more overhead (or rather less payload) per packet, and thus slower comms on your private net.
     