author | rebortg <github@ghlr.de> | 2020-11-30 20:53:36 +0100 |
---|---|---|
committer | rebortg <github@ghlr.de> | 2020-11-30 20:53:36 +0100 |
commit | 8943fc9f877cbee3301a8261ddd27b4b1f15f174 (patch) | |
tree | bb09c5f41a7683dc361517c2bde346eea36cda24 /docs/routing/mss-clamp.rst | |
parent | e33e1268f944be445b5a771df0e97e913487512f (diff) | |
download | vyos-documentation-8943fc9f877cbee3301a8261ddd27b4b1f15f174.tar.gz vyos-documentation-8943fc9f877cbee3301a8261ddd27b4b1f15f174.zip |
arrange services and protocols
Diffstat (limited to 'docs/routing/mss-clamp.rst')
-rw-r--r-- | docs/routing/mss-clamp.rst | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst deleted file mode 100644 index 3fdd1153..00000000 --- a/docs/routing/mss-clamp.rst +++ /dev/null @@ -1,63 +0,0 @@ -.. _routing-mss-clamp: - -################ -TCP-MSS Clamping -################ - -As Internet wide PMTU discovery rarely works, we sometimes need to clamp -our TCP MSS value to a specific value. This is a field in the TCP -Options part of a SYN packet. By setting the MSS value, you are telling -the remote side unequivocally 'do not try to send me packets bigger than -this value'. - -Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS -value for IPv4 and IPv6. - - -.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting - in 1452 bytes on a 1492 byte MTU. - - -IPv4 -==== - -.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes> - - Use this command to set the maximum segment size for IPv4 transit - packets on a specific interface (500-1460 bytes). - -Example -------- - -Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and -`1372` -for your WireGuard `wg02` tunnel. - -.. code-block:: none - - set firewall options interface pppoe0 adjust-mss '1452' - set firewall options interface wg02 adjust-mss '1372' - -IPv6 -==== - -.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes> - - Use this command to set the maximum segment size for IPv6 transit - packets on a specific interface (1280-1492 bytes). - -Example -------- - -Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and -`wg02` interface. - -.. code-block:: none - - set firewall options interface pppoe0 adjust-mss6 '1280' - set firewall options interface wg02 adjust-mss6 '1280' - - - -.. hint:: When doing your byte calculations, you might find useful this - `Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_. |
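Review bot: The label ".. _routing-mss-clamp:" on the first deleted line goes away with this file, and the diff shown here (limited to docs/routing/mss-clamp.rst, 0 insertions) does not show where the content or the label lands. Any ":ref:`routing-mss-clamp`" elsewhere in the docs will fail to resolve unless the relocated page keeps the same label, so please confirm that the new location carries it over unchanged. A second point for the relocated text: the deleted note "MSS value = MTU - 20 (IP header) - 20 (TCP header)" only describes IPv4, while the page also documents adjust-mss6. The fixed IPv6 header is 40 bytes, so the note should either say it applies to IPv4 or add the IPv6 calculation next to it.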