From 11e42fb21d31ed94e1cd43fb3fa6842ad2c50244 Mon Sep 17 00:00:00 2001
From: SquirePug <42793435+SquirePug@users.noreply.github.com>
Date: Thu, 6 Oct 2022 15:21:36 +1100
Subject: Add MSS clamp example

---
 docs/configuration/policy/examples.rst | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'docs/configuration/policy/examples.rst')

diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst
index 2d44f4bc..ca860945 100644
--- a/docs/configuration/policy/examples.rst
+++ b/docs/configuration/policy/examples.rst
@@ -182,3 +182,32 @@ Add multiple source IP in one rule with same priority
   set policy local-route rule 101 source '203.0.113.253'
   set policy local-route rule 101 source '198.51.100.0/24'
 
+###########################
+Clamp MSS for a specific IP
+###########################
+
+This example shows how to target an MSS clamp (in our example to 1360 bytes) 
+to a specific destination IP.
+
+.. code-block:: none
+
+  set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for NN.NNN.NNN.NNN'
+  set policy route IP-MSS-CLAMP rule 10 destination address 'NN.NNN.NNN.NNN/32'
+  set policy route IP-MSS-CLAMP rule 10 protocol 'tcp'
+  set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360'
+  set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN'
+
+To apply this policy to the correct interface, configure it on the 
+interface the inbound local host will send through to reach our 
+destined target host (in our example eth1).
+
+.. code-block:: none
+
+  set interfaces ethernet eth1 policy route IP-MSS-CLAMP
+
+You can view that the policy is being correctly (or incorrectly) utilised
+with the following command:
+
+.. code-block:: none
+
+  show policy route statistics
-- 
cgit v1.2.3


From 57a03630ae6bb3ccb17f2131a316f5cf4f0e6f3a Mon Sep 17 00:00:00 2001
From: Robert Göhler <github@ghlr.de>
Date: Tue, 8 Nov 2022 21:04:29 +0100
Subject: Adjust example IP

---
 docs/configuration/policy/examples.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'docs/configuration/policy/examples.rst')

diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst
index ca860945..f52a7950 100644
--- a/docs/configuration/policy/examples.rst
+++ b/docs/configuration/policy/examples.rst
@@ -191,8 +191,8 @@ to a specific destination IP.
 
 .. code-block:: none
 
-  set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for NN.NNN.NNN.NNN'
-  set policy route IP-MSS-CLAMP rule 10 destination address 'NN.NNN.NNN.NNN/32'
+  set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for 198.51.100.30'
+  set policy route IP-MSS-CLAMP rule 10 destination address '198.51.100.30/32'
   set policy route IP-MSS-CLAMP rule 10 protocol 'tcp'
   set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360'
   set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN'
-- 
cgit v1.2.3