From: bodea Date: Sat, 4 Jun 2005 15:40:53 +0000 (+0000) Subject: Add note about fragmentation in Docs/manual.html, and a sample X-Git-Tag: release_2_1_0~8 X-Git-Url: http://git.sameswireless.fr/l2tpns.git/commitdiff_plain/0f22007377e186b9a16839c31156190d378fcffc?ds=inline;hp=73834922ffa1b7d4f36393cdfe228e3f1825ed18 Add note about fragmentation in Docs/manual.html, and a sample iptables rule for MSS clamping. --- diff --git a/Docs/manual.html b/Docs/manual.html index 4db3a83..a857d9b 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -56,6 +56,7 @@ H3 {
  • Filtering
  • Clustering
  • Routing
  • +
  • Avoiding Fragmentation
  • Performance
  • @@ -1030,6 +1031,22 @@ ibgp" for IBGP. If this is not supported by your IOS revision, you can use "maximum-paths" (which works for EBGP) and set as_number to a private value such as 64512.

    +

    Avoiding Fragmentation

    + +Fragmentation of encapsulated return packets to the LAC may be avoided +for TCP sessions by adding a firewall rule to clamps the MSS on +outgoing SYN packets. + +The following is appropriate for interfaces with a typical MTU of +1500: + +
    +iptables -A FORWARD -i tun+ -o eth0 	\
    +    -p tcp --tcp-flags SYN,RST SYN	\
    +    -m tcpmss --mss 1413:1600		\
    +    -j TCPMSS --set-mss 1412
    +
    +

    Performance

    Performance is great.