Re: TCP Connection hang - MSS again

From: Rodney W. Grimes <freebsd-rwg_at_gndrsh.dnsmgr.net>
Date: Tue, 6 Apr 2021 05:54:27 -0700 (PDT)
> 05.04.2021 19:44, Rozhuk Ivan wrote:
> 
> >>> As I understand, in some cases remote host does not reply with MSS
> >>> option, and host behind router continue use mss 8960, that dropped
> >>> by router.  
> >> If the peer does not provide an MSS option, your local FreeBSD based
> >> host should use an MSS of net.inet.tcp.mssdflt bytes. The default is
> >> 536. So I don't think this should be a problem.
> > 
> > Thats it!
> > Thanks, it was ~64k in mine config.
> 
> This is also per-host setting, you know :-)
> 
> It is generally bad idea using MTU over 1500 for an interface facing public network
> without -mtu 1500. You see, because TCP MSS affects only TCP and there is also UDP
> that happily produces oversized datagramms for DNS or RTP or NFS or tunneling like L2TP or OpenVPN etc.
> relying on IP fragmentation.
> 
> I still recommend using -mtu 1500 in addition to mssdflt in your case.

I do not recommend such a setting.  That would defeat any jumbo frame usage
locally!

The gateway/router that is forwarding packets to the internet connection
needs its upstream interface mtu set properly, and configured to properly
return icmp need fragement messages on the interfaces towards the
internal network.

This leaking of jumbo frames to the Internet is almost always caused
by blockage of icmp packets internal to a network, and doing that
forces one to run on an mtu that is acceptable to the global Internet,
a far from optimal situation.

-- 
Rod Grimes                                                 rgrimes_at_freebsd.org
Received on Tue Apr 06 2021 - 10:54:38 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:28 UTC