The 7705 SAR-Hm series of routers support a configurable filter that adjusts the maximum segment size (MSS) of TCP packets marked with a SYN flag that traverse VPRN SAP interfaces. The MSS adjustment filter prevents upstream and downstream TCP packets from being fragmented.
MSS adjustment is performed by the virtualized integrated BB ISA MDA when an IP filter is enabled with the action tcp-mss-adjust command. The filter can be applied on a VPRN SAP interface in the ingress direction, egress direction, or both directions. Both IPv4 and IPv6 filters are supported. For information about the virtualized BB ISA MDA, see "Chassis IOM and MDAs" in the 7705 SAR-Hm Interface Configuration Guide.
To configure a TCP MSS adjustment filter on a VPRN SAP interface:
Create a NAT group that will be used for MSS adjustment.
The following CLI output is an example of the creation of a NAT group on the virtualized integrated BB ISA MDA in slot 1/6.
config
card 1
mda 6
mda-type isa-bb-v
no shutdown
exit
no shutdown
exit
configure
isa
nat-group 1 create
active-mda-limit 1
mda 1/6
no shutdown
exit
Associate the NAT group with a routing instance and configure the MSS value as shown in the following example.
config
service
vprn services-id
mss-adjust-group 1 segment-size 1352
Create ingress or egress IP filters that perform TCP MSS adjustment.
The following example shows the configuration of IPv4 filters and IPv6 filters that perform TCP MSS adjustment at ingress and egress.
configure
filter
ip-filter 1 name "1" create
default-action forward
description "Ingress"
entry 1 create
match protocol tcp
tcp-syn true
exit
action
tcp-mss-adjust
exit
exit
exit
ip-filter 2 name "2" create
default-action forward
description "Egress"
entry 1 create
match protocol tcp
tcp-syn true
exit
action
tcp-mss-adjust
exit
egress-pbr default-load-balancing
exit
exit
ipv6-filter 1 name "3" create
default-action forward
description "Ingress"
entry 1 create
match next-header tcp
tcp-syn true
exit
action
tcp-mss-adjust
exit
exit
exit
ipv6-filter 2 name "4" create
default-action forward
description "Egress"
entry 1 create
match next-header tcp
tcp-syn true
exit
action
tcp-mss-adjust
exit
egress-pbr default-load-balancing
exit
exit
exit
Apply the filters that perform TCP MSS adjustment to the VPRN SAP interface. The filters can be applied in the ingress direction, egress direction, or both directions. In the following example, the filters are applied in both the ingress and egress directions.
config
service
vprn service-id
interface "int1_vprn1" create
address 10.10.1.1/24
sap 1/2/3 create
ingress
filter ip 1
exit
egress
filter ip 2
exit
exit
exit
exit
vprn service-id2
interface "int1_vprn2" create
ipv6
address 10:1::1/32
neighbor 10:1::2 00:02:01:00:00:01
exit
sap 1/2/3:1 create
ingress
filter ipv6 3
exit
egress
filter ipv6 4
exit
exit
exit
exit