> 05.04.2021 19:44, Rozhuk Ivan wrote: > > >>> As I understand, in some cases remote host does not reply with MSS > >>> option, and host behind router continue use mss 8960, that dropped > >>> by router. > >> If the peer does not provide an MSS option, your local FreeBSD based > >> host should use an MSS of net.inet.tcp.mssdflt bytes. The default is > >> 536. So I don't think this should be a problem. > > > > Thats it! > > Thanks, it was ~64k in mine config. > > This is also per-host setting, you know :-) > > It is generally bad idea using MTU over 1500 for an interface facing public network > without -mtu 1500. You see, because TCP MSS affects only TCP and there is also UDP > that happily produces oversized datagramms for DNS or RTP or NFS or tunneling like L2TP or OpenVPN etc. > relying on IP fragmentation. > > I still recommend using -mtu 1500 in addition to mssdflt in your case. I do not recommend such a setting. That would defeat any jumbo frame usage locally! The gateway/router that is forwarding packets to the internet connection needs its upstream interface mtu set properly, and configured to properly return icmp need fragement messages on the interfaces towards the internal network. This leaking of jumbo frames to the Internet is almost always caused by blockage of icmp packets internal to a network, and doing that forces one to run on an mtu that is acceptable to the global Internet, a far from optimal situation. -- Rod Grimes rgrimes_at_freebsd.orgReceived on Tue Apr 06 2021 - 10:54:38 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:28 UTC