Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Does tcp adjust-mss work on GRE tunnels?

I read one Cisco doc that said to use this command on GRE - IPSEC tunnels. http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

Yet the Cisco doc on the command states, "The ip tcp adjust-mss command does not work on subinterfaces or GRE tunnels."

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a7f4d.html#wp1048744

So does it work on Subinterfaces and GRE tunnels or not?

8 REPLIES
New Member

Re: Does tcp adjust-mss work on GRE tunnels?

This might not be the difinitive answer you were looking for but I've used this on Tunnel interfaces before since we have a FW blocking ICMP between my client and server.

This article on GRE IP MTU also references using ip tcp-adjust mss command on a tunnel interface.

http://www.cisco.com/warp/public/105/56.html#pfragment

Too add to the confusion, I ran into an article in the past that mentioned you also needed to run NAT on the interface for tcp-adjust mss to work! Although I havn't found this to be the case.

http://www.cisco.com/warp/public/794/router_mtu.html

Cisco Employee

Re: Does tcp adjust-mss work on GRE tunnels?

ip tcp adjust-mss is indeed not supported on a GRE tunnel. In the GRE - IPSEC scenario though, the ip tcp adjust-mss is not to be applied to GRE tunnel interface but to the inbounds interfaces leading to this tunnel.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Does tcp adjust-mss work on GRE tunnels?

I use it on my GRE tunnels and it works well.

ip tcp adjust-mss 1400

I use it on each tunnel interface, that way I can tweak each one independent of the other

Cisco Employee

Re: Does tcp adjust-mss work on GRE tunnels?

You are absolutly right. I just tried with 12.3(5) and it works like a charm.

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Does tcp adjust-mss work on GRE tunnels?

And what about NAT. Does ip tcp adjust-mss work without NAT ?

Browsing the Internet over a PPPOE-DSL connection without adjusting mss is a really problem.

If I have a PPPOE-DSL connection with a public-routed adress-range and I do not use NAT,

or I use such a router only for a VPN-tunnel without NAT, does ip tcp adjust-mss work or doesn't it ?

Is there another way to adjust the mss (maybe with PBR) ?

regards

Christian

New Member

Re: Does tcp adjust-mss work on GRE tunnels?

Yes it does.

On the dialer int try ip tcp adjust-mss 1452

On the tunnenl try ip tcp adjust-mss 1380

That's what I use on my 1751 that use PPPOE connections

I attached a cisco doc on the matter.

Here is the formula I derived from the doc

MTU 1500 - the parts the apply for your setup = adjust-mss

ip header(20)

tcp header(20)

gre (24)

pppoe (8)

ipsec transport (38)

ipsec tunnel (56)

New Member

Re: Does tcp adjust-mss work on GRE tunnels?

Is there a way to set the tcp MSS only for some specific traffic ? e.g. traffic that match an access-list ?

New Member

Re: Does tcp adjust-mss work on GRE tunnels?

This would be only interface specific. I don't think there would be any benefit of adjusting the MSS on just an HTTP packet for example or based on specific destination.

The MTU of a link is the MTU, regardless of the type of traffic.

I think if you knew that traffic crossing that interface was going to encounter a smaller segment down it's path, the best place to modify it would be on the router closest to the source (smaller MTU interface). Otherwise it would put the responsibiliy on you (your router) to either guess or know what MTU's you might encounter down the path to the destination...and that could get messy.

1100
Views
5
Helpful
8
Replies