diff options
| author | Markus Bukowski <me@mrbuk.de> | 2022-01-15 13:01:57 +0100 | 
|---|---|---|
| committer | Markus Bukowski <me@mrbuk.de> | 2022-01-15 13:01:57 +0100 | 
| commit | 08443de04ee2e0bcacceb70bc00190a097179d94 (patch) | |
| tree | 14d0158c105ab5dc3b75ca0f169f02759226b3aa | |
| parent | fedeac219134567c245f161a1f3a5898ba1100b1 (diff) | |
| download | vyos-documentation-08443de04ee2e0bcacceb70bc00190a097179d94.tar.gz vyos-documentation-08443de04ee2e0bcacceb70bc00190a097179d94.zip | |
Add clamp-mss-to-pmtu option and description
| -rw-r--r-- | docs/_include/interface-ip.txt | 5 | ||||
| -rw-r--r-- | docs/configuration/interfaces/pppoe.rst | 33 | 
2 files changed, 15 insertions, 23 deletions
| diff --git a/docs/_include/interface-ip.txt b/docs/_include/interface-ip.txt index 2c92c944..6045a7a8 100644 --- a/docs/_include/interface-ip.txt +++ b/docs/_include/interface-ip.txt @@ -1,5 +1,5 @@  .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} -  {{ var5 }} {{ var6 }} ip adjust-mss <mss> +  {{ var5 }} {{ var6 }} ip adjust-mss <mss | clamp-mss-to-pmtu>    As Internet wide PMTU discovery rarely works, we sometimes need to clamp our    TCP MSS value to a specific value. This is a field in the TCP options part of @@ -12,6 +12,9 @@    .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in      1452 bytes on a 1492 byte MTU. +  Instead of a numberical MSS value `clamp-mss-to-pmtu` can be used to  +  automatically set the proper value. +  .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}    {{ var5 }} {{ var6 }} ip arp-cache-timeout diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst index ae6a8cba..a1537e80 100644 --- a/docs/configuration/interfaces/pppoe.rst +++ b/docs/configuration/interfaces/pppoe.rst @@ -177,7 +177,7 @@ PPPoE options     PPPoE connection must be established over a physical interface. Interfaces     can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs. -.. cfgcmd:: set interfaces pppoe <interface> ip adjust-mss <mss> +.. cfgcmd:: set interfaces pppoe <interface> ip adjust-mss <mss | clamp-mss-to-pmtu>    As Internet wide PMTU discovery rarely works, we sometimes need to clamp our    TCP MSS value to a specific value. This is a field in the TCP options part of @@ -190,6 +190,9 @@ PPPoE options    .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in      1452 bytes on a 1492 byte MTU. +Instead of a numberical MSS value `clamp-mss-to-pmtu` can be used to  +automatically set the proper value. +  .. cfgcmd:: set interfaces pppoe <interface> ip disable-forwarding    Configure interface-specific Host/Router behaviour. If set, the interface will @@ -220,11 +223,7 @@ IPv6     Use this command to enable acquisition of IPv6 address using stateless     autoconfig (SLAAC). -.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt -  :var0: pppoe -  :var1: pppoe0 - -.. cfgcmd:: set interfaces pppoe <interface> ipv6 adjust-mss <mss> +.. cfgcmd:: set interfaces pppoe <interface> ipv6 adjust-mss <mss | clamp-mss-to-pmtu>    As Internet wide PMTU discovery rarely works, we sometimes need to clamp our    TCP MSS value to a specific value. This is a field in the TCP options part of @@ -237,27 +236,17 @@ IPv6    .. hint:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting in      1452 bytes on a 1492 byte MTU. +Instead of a numberical MSS value `clamp-mss-to-pmtu` can be used to  +automatically set the proper value. +  .. cfgcmd:: set interfaces pppoe <interface> ipv6 disable-forwarding    Configure interface-specific Host/Router behaviour. If set, the interface will    switch to host mode and IPv6 forwarding will be disabled on this interface. -.. cfgcmd:: set interfaces pppoe <interface> ipv6 source-validation <strict | loose | disable> - -  Enable policy for source validation by reversed path, as specified in -  :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict -  mode to prevent IP spoofing from DDos attacks. If using asymmetric routing -  or other complicated routing, then loose mode is recommended. - -  - strict: Each incoming packet is tested against the FIB and if the interface -    is not the best reverse path the packet check will fail. By default failed -    packets are discarded. - -  - loose: Each incoming packet's source address is also tested against the FIB -    and if the source address is not reachable via any interface the packet -    check will fail. - -  - disable: No source validation +.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt +  :var0: pppoe +  :var1: pppoe0  *********  Operation | 
