 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
TCP path MTU discovery helps avoid BGP packet fragmentation. However, enabling TCP path MTU discovery creates ICMP vulnerability. To prevent these ICMP vulnerability issues, you can configure the TCP maximum segment size (MSS) globally, or for each BGP peer. You can also configure the advertised MSS value for each BGP peer to prevent fragmentation of packets sent by the BGP peer.
To configure the TCP MSS value, include the tcp-mss statement:
-
tcp-mss segment-size;
For a list of hierarchy levels at which you can include this statement, see the statement summary section for this statement.
Include the tcp-mss statement for a specific BGP neighbor to send the specified segment size to the BGP neighbor as the advertised MSS. The configured MSS value is also used as the maximum segment size for the sender. If the MSS value from the BGP neighbor is less than the MSS value configured, the MSS value from the BGP neighbor is used as the maximum segment size for the sender.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |