Page MenuHomeVyOS Platform
Create Task
Maniphest T3409

Add back TCP-MSS Clamp to PMTU
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

In some cases, like a WAN Loadbalance configuration with different MTU in the WAN interfaces, PMTU still needed to make sure sites that are MTU-dependent doesn't break when the WAN switching to the interface that has a different MTU (happens when it has lower MTU) than the initial WAN interface.

As tcp-mss pmtu is currently removed in followup of T2868 and this feature request made in followup for T2868#80746 to move tcp-mss pmtu to different CLI with different logic.

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

raphielscape created this task.Mar 15 2021, 3:48 AM
raphielscape updated the task description. (Show Details)Mar 15 2021, 4:50 AM
runar added a subscriber: runar.Mar 15 2021, 6:15 AM

What about this? https://docs.vyos.io/en/latest/configuration/firewall/index.html?highlight=Mss#tcp-mss-clamping

pasik added a subscriber: pasik.Mar 15 2021, 9:43 AM
raphielscape added a comment.Mar 15 2021, 11:20 AM
In T3409#89863, @runar wrote:

What about this? https://docs.vyos.io/en/latest/configuration/firewall/index.html?highlight=Mss#tcp-mss-clamping

I'm currently running this, but I still had to clamp the MSS to the client interface as the WAN interface shifted to the interface that has the lowest MTU, some sites with SSL become unreachable. Occasionally, the WAN interface that has a bigger MTU runs at a slower performance without altering the MSS of the client interface to follows the MSS value of the currently running WAN interface.

Here are my firewall options.

vyos@vyos# show firewall options
 interface eth0.15 {
     adjust-mss 1200
 }
 interface eth0.20 {
     adjust-mss 1200
 }
 interface eth0.99 {
     adjust-mss 1420
 }
 interface wg0 {
     adjust-mss 1200
 }
 interface wg1 {
     adjust-mss 1200
 }
syncer triaged this task as Low priority.Oct 17 2021, 3:45 PM
syncer removed a project: VyOS 1.3 Equuleus.
zsdc changed the task status from Open to Confirmed.Feb 4 2022, 9:39 AM
zsdc raised the priority of this task from Low to Normal.
zsdc changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
zsdc changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
zsdc set Issue type to Improvement (missing useful functionality).
Viacheslav added a subscriber: Viacheslav.Jul 10 2022, 8:53 AM

@raphielscape Could you re-test it?

vyos@r14# set interfaces ethernet eth0 ip adjust-mss 
Possible completions:
   clamp-mss-to-pmtu    Automatically sets the MSS to the proper value
   <500-65535>          TCP Maximum segment size in bytes
Viacheslav changed the task status from Confirmed to Needs testing.Jul 10 2022, 8:53 AM
Viacheslav closed this task as Resolved.Tue, Apr 9, 4:21 PM
Viacheslav claimed this task.

Mark it as resolved, reopen the task if required.