PPPoE Change MSS

RouterOS General
1

Hey Forum Guru’s,

I’ve had a search around - read the wiki and im not too clear on something.

On the PPPoE Server (So on the AP side) we have TCP change MSS enabled which creates Dynamic rules for each PPPoE - this is good :slight_smile:

On the client side (CPE) where the PPPoE client resides, it ALSO creates these rules for each PPPoE enabled on the client (sometimes 2)

Does it need to be on both sides? Could i turn it off safely on the client side to reduce load on our older boards (133c, 112)? Will this break anything? Quick testing suggests no, but no harm in asking.

Cheers guys!

2

Router only is fine, unless you permit inbound connections (port forward, or public IPs) - in which case you can still do it on the router, but would want to do it both ways. It’s a transparent change on the initial SYN packet in a TCP connection. http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html has a nice description of how it works on Cisco, the same principle applies on RouterOS.

3

Thanks for that.

I’m still not entirely clear on what you mean thought.

On the AP (PPPoE Server) there appears two dynamic rules for each PPPoE (one in, one out)
On the CPE (PPPoE Client) there appears the same two rules.

We give clients an external IP via PPPoE and NAT that on their CPE.

So can i take these rules off of the CPE, leaving the AP only to do the SYN packet changes if required?

4

Yes, you can. As long as a router between the source of the connection and the destination of the connection changes the MSS on the initial SYN packet, everything will work just fine. Since your AP is between your customers and virtually all destinations they could go to, having the rule just on the AP will be sufficient.

5

Excellent, thanks Fewi :slight_smile: Better to ask, than having a ton of angry customers calling! We still have around 200 133c’s in the field :confused: Too old to upgrade to ROS5, too expensve to replace :stuck_out_tongue: lol