Chapter 6: TCP MSS Clamping - Avaya 1000 Series Configuration Manual

Chapter 6: TCP MSS Clamping

The TCP MSS feature lets you configure the maximum segment size (MSS) for transit packets
that traverse the router. The ip tcp-mss command, under the interface tree, specifies the MSS value
that the intermediate router applies to TCP SYN packets to avoid truncation. When a TCP SYN packet
traverses the router, the MSS option in the TCP packet is lowered to the specified value.

Setting the TCP MSS value is supported on Ethernet interfaces (including subinterfaces),
bundles, GRE/IPIP tunnels, and firewall policies. MSS clamping at the firewall policy level provides
greater granularity because the clamping can be performed only for certain hosts.

When setting the TCP MSS value, it is recommended that the value be at least 40 bytes less than
the MTU of the interface. The TCP header takes up 20 bytes (or more if options are used), and the IP
header also uses 20 or more bytes. Between them, a minimum of 40 bytes is needed for headers,
all of which is non-data overhead.
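
The rewrite described above, lowering the MSS option of a TCP SYN in transit, shown as an added Python example that is not taken from the Avaya manual or from the router's implementation. The function names, the sample ports and the values passed in are constructed for illustration; because the option value changes, the TCP checksum is adjusted as well, using the RFC 1624 incremental update.

```python
# Added illustration: names and sample values are constructed, not from the manual.
import struct

def ones_sum(data):
    """16-bit one's-complement sum used by the TCP checksum."""
    data = bytes(data) + b"\x00" * (len(data) % 2)
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def clamp_mss(tcp, clamp):
    """Lower the MSS option of a raw TCP SYN to `clamp`; returns (segment, seen, forwarded)."""
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("truncated or malformed TCP header")
    if not tcp[13] & 0x02:                 # MSS is only carried on SYN / SYN-ACK
        return tcp, None, None
    seg, i = bytearray(tcp), 20
    while i < hdr_len and seg[i] != 0:     # kind 0 ends the option list
        if seg[i] == 1:                    # NOP is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            raise ValueError("malformed TCP option")
        if seg[i] == 2 and seg[i + 1] == 4:
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old <= clamp:
                return tcp, old, old       # never raise a host's MSS
            a = (i + 2) & ~1               # 16-bit aligned window, also after an odd NOP
            before = ones_sum(seg[a:a + 4])
            struct.pack_into("!H", seg, i + 2, clamp)
            after = ones_sum(seg[a:a + 4])
            csum = struct.unpack_from("!H", seg, 16)[0]
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            adj = ones_sum(struct.pack("!3H", ~csum & 0xFFFF, ~before & 0xFFFF, after))
            struct.pack_into("!H", seg, 16, ~adj & 0xFFFF)
            return bytes(seg), old, clamp
        i += seg[i + 1]
    return tcp, None, None

def pseudo_sum(src, dst, seg):
    """Sum over IPv4 pseudo-header + segment; 0xFFFF means the checksum validates."""
    return ones_sum(src + dst + struct.pack("!BBH", 0, 6, len(seg)) + bytes(seg))

def sample_syn(src, dst, mss):
    """Constructed SYN (40000 -> 443) with MSS as its only option and a valid checksum."""
    seg = bytearray(struct.pack("!HHIIBBHHHBBH", 40000, 443, 1, 0, 6 << 4, 0x02, 65535, 0, 0, 2, 4, mss))
    struct.pack_into("!H", seg, 16, ~pseudo_sum(src, dst, seg) & 0xFFFF)
    return bytes(seg)
```

Segments that are not SYNs, or whose advertised MSS is already at or below the clamp, are returned unchanged.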
Configuring TCP MSS on a GRE/IPIP Tunnel Interface
1. To enter the configuration mode, enter:
configure terminal
2. To select the tunnel, enter:
interface tunnel <tunnel-name>
3. To specify the IP address for the tunnel, enter:
ip address <A.B.C.D> <subnet-mask>
4. To specify the source address of the tunnel, enter:
tunnel source <A.B.C.D>
5. To specify the destination address of the tunnel, enter:
tunnel destination <A.B.C.D>
6. To specify the TCP MSS of the tunnel, enter:
ip tcp-mss <value>
7. To exit the tunnel configuration mode, enter:
exit
Configuring Ethernet Interface
1. To enter the configuration mode, enter:
configure terminal
2. To select the Ethernet interface, enter:

Avaya Secure Router 1000 Series Configuration Guide
December 2010