tcp-mss
Syntax
tcp-mss mss-value;
Hierarchy Level
[edit system internet-options] [edit interfaces name unit number family protocol]
Description
Enable and specify the TCP maximum segment size (TCP MSS) to be used to replace that of TCP SYN packets whose maximum segment size (MSS) option is set to a higher value than the value you choose.
If the router receives a TCP packet with the SYN bit and MSS option set and the MSS
option specified in the packet is larger than the MSS specified by the
tcp-mss
command, the router replaces the MSS value in the
packet with the lower value specified by the tcp-mss
statement.
There are multiple factors which defines the MSS value for TCP packets in Junos,
which are reflected in the MSS value displayed in the output of the show system connection
extensive
.
-
The MSS value offered by the peer in the SYN packet
-
Rounding the MSS off to the nearest multiple of 2048
-
The MTU value of the interface
-
The configured path MTU value
-
Whether TCP sessions that are not directly-connected, and the path MTU are disabled
-
Whether the TCP sessions are on directly-connected network
This statement enables you to specify the MSS size in TCP SYN packets used during session establishment. Decreasing the MSS size helps to limit packet fragmentation and to protect against packet loss that can occur when a packet must be fragmented to meet the MTU size but the packet’s DF (don’t fragment) bit is set.
Use the tcp-mss
statement to specify a lower TCP MSS value than the
value in the TCP SYN packets.
If you configure this statement under the [edit interfaces]
hierarchy, keep in mind:
- This statement only takes effect on lt- interfaces, gr- interfaces, and service-related interfaces like L2TP network server (LNS) and service sets.
- TCP MSS adjustment only takes effect for packets entering the interface. This statement has no effect on packets exiting an interface.
When an SRX Series Firewall is running in packet mode with MPLS, TCP MSS is not supported.
Options
mss-value
—TCP
MSS value for SYN packets with a higher MSS value set.
Range: 64 through 65535 bytes.
Default: TCP MSS is disabled.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.2. Use Feature Explorer to confirm platform and release support for this feature.