This (not so very) short video explains what TCP MSS clamping is and why we’re almost forced to use it on xDSL (PPPoE) and tunnel interfaces (TL&DR summary: because Internet-wide Path MTU Discovery rarely works).
- Path MTU discovery was first defined in RFC 1191 (yeah, it’s THAT old and still doesn’t work well);
- You’ll find more PMTUD and fragmentation hands-on details in my Never-Ending Story of IP Fragmentation article or in PacketLife’s Path MTU Discovery blog post;
- Packetization Layer Path MTU Discovery (RFC 4821) is an alternate approach that does not rely on ICMP replies;
- Discovering Path MTU black holes presentation from RIPE65 (video).
Some configuration tips
- TCP MSS clamping can be configured on end hosts or on some routers (on Cisco IOS, use ip tcp adjust-mss interface configuration command).
- The ip tcp adjust-mss functionality on Cisco IOS is bidirectional – MSS option is adjusted in inbound and outbound TCP SYN packets traversing the interface on which ip tcp adjust-mss is configured.
- You should configure ip tcp adjust-mss on interfaces with low MTUs. In other words, MSS value configured on an interface should match MTU value of the same interface minus 40 bytes.
- Configuration examples where ip tcp adjust-mss is configured on Ethernet interface have interesting side effects if the router has more than two interfaces.