diff options
author | Markus Bukowski <me@mrbuk.de> | 2022-01-15 13:01:57 +0100 |
---|---|---|
committer | Markus Bukowski <me@mrbuk.de> | 2022-01-15 13:01:57 +0100 |
commit | 08443de04ee2e0bcacceb70bc00190a097179d94 (patch) | |
tree | 14d0158c105ab5dc3b75ca0f169f02759226b3aa | |
parent | fedeac219134567c245f161a1f3a5898ba1100b1 (diff) | |
download | vyos-documentation-08443de04ee2e0bcacceb70bc00190a097179d94.tar.gz vyos-documentation-08443de04ee2e0bcacceb70bc00190a097179d94.zip |
Add clamp-mss-to-pmtu option and description
-rw-r--r-- | docs/_include/interface-ip.txt | 5 | ||||
-rw-r--r-- | docs/configuration/interfaces/pppoe.rst | 33 |
2 files changed, 15 insertions, 23 deletions
diff --git a/docs/_include/interface-ip.txt b/docs/_include/interface-ip.txt index 2c92c944..6045a7a8 100644 --- a/docs/_include/interface-ip.txt +++ b/docs/_include/interface-ip.txt @@ -1,5 +1,5 @@ .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} - {{ var5 }} {{ var6 }} ip adjust-mss <mss> + {{ var5 }} {{ var6 }} ip adjust-mss <mss | clamp-mss-to-pmtu> As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of @@ -12,6 +12,9 @@ .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU. + Instead of a numberical MSS value `clamp-mss-to-pmtu` can be used to + automatically set the proper value. + .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} {{ var5 }} {{ var6 }} ip arp-cache-timeout diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst index ae6a8cba..a1537e80 100644 --- a/docs/configuration/interfaces/pppoe.rst +++ b/docs/configuration/interfaces/pppoe.rst @@ -177,7 +177,7 @@ PPPoE options PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs. -.. cfgcmd:: set interfaces pppoe <interface> ip adjust-mss <mss> +.. cfgcmd:: set interfaces pppoe <interface> ip adjust-mss <mss | clamp-mss-to-pmtu> As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of @@ -190,6 +190,9 @@ PPPoE options .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU. +Instead of a numberical MSS value `clamp-mss-to-pmtu` can be used to +automatically set the proper value. + .. cfgcmd:: set interfaces pppoe <interface> ip disable-forwarding Configure interface-specific Host/Router behaviour. If set, the interface will @@ -220,11 +223,7 @@ IPv6 Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC). -.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt - :var0: pppoe - :var1: pppoe0 - -.. cfgcmd:: set interfaces pppoe <interface> ipv6 adjust-mss <mss> +.. cfgcmd:: set interfaces pppoe <interface> ipv6 adjust-mss <mss | clamp-mss-to-pmtu> As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP options part of @@ -237,27 +236,17 @@ IPv6 .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in 1452 bytes on a 1492 byte MTU. +Instead of a numberical MSS value `clamp-mss-to-pmtu` can be used to +automatically set the proper value. + .. cfgcmd:: set interfaces pppoe <interface> ipv6 disable-forwarding Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface. -.. cfgcmd:: set interfaces pppoe <interface> ipv6 source-validation <strict | loose | disable> - - Enable policy for source validation by reversed path, as specified in - :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict - mode to prevent IP spoofing from DDos attacks. If using asymmetric routing - or other complicated routing, then loose mode is recommended. - - - strict: Each incoming packet is tested against the FIB and if the interface - is not the best reverse path the packet check will fail. By default failed - packets are discarded. - - - loose: Each incoming packet's source address is also tested against the FIB - and if the source address is not reachable via any interface the packet - check will fail. - - - disable: No source validation +.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt + :var0: pppoe + :var1: pppoe0 ********* Operation |