cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1309
Views
0
Helpful
2
Replies

Equivalent command in nx-os (7000 series) for ip tcp adjust-mss or an alternate way

nagasheshu2010
Level 1
Level 1

Hi All,

Do we have a equivalent command in nx-os (7000 series) for ip tcp adjust-mss or an alternate way?

Please advice.

Thanks in advance,

Nagasheshu.

2 Replies 2

russhe
Cisco Employee
Cisco Employee

Hi Nagasheshu,

Unfortunately there is no equivalent command to adjust the maximum segment size in NX-OS. I can think of two possible "workarounds":

1) Use IPSEC, GRE, or both. This would allow you to specify the segments on the tunnel. See the below link for further clarity:

http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html#t15

2) Use an ACL that would drop packets greater than a certain size. While this would not adjust automatically, it would set an MSS. For example:

ip access-list extended drop-large-packets

statistics per-entry

deny ip any any packet-length gt 1600

permit ip any any

interface Ethernet1/1

mtu 1600

ip access-group drop-large-packets in

ip address 10.10.10.1/30

no shutdown

This would send an ICMP unreachable to the host.

Use of the "ip tcp adjust-mss" command punts all TCP SYN packets to the CPU and it is software switched. Another recommendation could be to use a large enough MTU across the path that can support whatever application needs you might have while still allowing the system to handle normal TCP processes.

Hopefully this helps. Please let me know if I can be of any further assistance.

Thanks!

-Russ

Thank you Russ!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: