halacs
Frequent Visitor
Topic Author
Posts: 69
Joined: Thu Jul 06, 2017 5:45 pm

EoIP Tunnel Clamp TPC MSS

Sun Feb 07, 2021 2:31 pm

Hi,

I have an EoIP tunnel between a Mikrotik RB4011iGS+RM and a Mikrotik CCR1009-7G-1C-1S+PC device.

There is a "Clamp TCP MSS" option at the EOIP settings page in winbox. Even if I set it, I also have to add another "change MSS" (with 1250 MSS) rule under Firewall/Mangle to have properly working TCP connections via the EOIP tunnel.

Based on the documentation, I thought "Clamp TCP MSS" would be enough to turn on at the EOIP settings, but this is not the case.
What do you think, can it happen this is a bug in RouterOS?

I would like to have small MSS (1250) only in the tunnel not for all the network.
I started to work on this as I found my tunnel too slow: I expected near to 1Gbps but it is just cca 100 Mbps. I tested it with samba file copy, apache http/https get request and scp copy. All with 20-25GB big file.

Thanks & br,
Halacs
 
CZFan
Forum Guru
Posts: 1977
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: EoIP Tunnel Clamp TPC MSS

Tue Feb 09, 2021 10:40 pm

Clamp MSS in EoIP will only clamp it based on the tunnel MTU size; it doesn't know what the MSS size is end to end.
Last edited by CZFan on Wed Feb 10, 2021 11:01 am, edited 1 time in total.
MTCNA, MTCTCE, MTCRE & MTCINE
 
halacs
Frequent Visitor
Topic Author
Posts: 69
Joined: Thu Jul 06, 2017 5:45 pm

Re: EoIP Tunnel Clamp TPC MSS

Tue Feb 09, 2021 11:35 pm

I have set 1300 MTU on the EoIP tunnel. Additional rule set MSS to 1250.

The reason behind the 1300/1250 MTU is a PPPoE internet connection with a VLAN-tagged LAN, plus a NAT in front of the tunnel because of the dynamic public IP.

Am I right that, in this case, if MTU of the tunnel would be set to 1250 then I could remove the extra rule?
 
nichky
Long time Member
Posts: 680
Joined: Tue Jun 23, 2015 2:35 pm

Re: EoIP Tunnel Clamp TPC MSS

Wed Feb 10, 2021 1:59 am

@CZFan

And what does Clamp MSS in EoIP do?
RouterOS does not have a random function. Many has tried to make script to make random text, but all seems to be flawed.
viewtopic.php?f=9&t=160183

!) Safe Mode is your friend;
 
tdw
Forum Veteran
Posts: 712
Joined: Sat May 05, 2018 11:55 am

Re: EoIP Tunnel Clamp TPC MSS

Wed Feb 10, 2021 3:42 am

> I have set 1300 MTU on the EoIP tunnel. Additional rule set MSS to 1250.

Be aware that if you add an EoIP interface with an MTU<1500 to a bridge it will impact any traffic between local bridge ports too, usually breaking things.
 
halacs
Frequent Visitor
Topic Author
Posts: 69
Joined: Thu Jul 06, 2017 5:45 pm

Re: EoIP Tunnel Clamp TPC MSS

Wed Feb 10, 2021 9:13 am

> Be aware that if you add an EoIP interface with an MTU<1500 to a bridge it will impact any traffic between local bridge ports too, usually breaking things.

Yeah, actually there is a warning in the documentation: MTU should be 1500 in the EOIP tunnel. If I set it to auto, it gets somewhere between 1500 and my 1300. If I set it to 1500 manually, it doesn't work.
If the tunnel would have 1500 MTU, the tunnel should do fragmentation because of the PPPoE internet connection.
My LAN bridge is set to 1500 MTU manually. Can it cause a problem?
 
CZFan
Forum Guru
Posts: 1977
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: EoIP Tunnel Clamp TPC MSS

Wed Feb 10, 2021 12:43 pm

> @CZFan
>
> And what does Clamp MSS in EoIP do?

Not sure if I understand the question correctly, but:

OP did not mention EoIP tunnel MTU size in OP, so with that, if the tunnel MTU was set at 1500, then the "Clamp TCP MSS" in EoIP config will clamp the MSS at 1460, which might not be low enough.

@OP:
You can specify out interface as the tunnel interface in the mangle rule which will then only change the MSS for traffic going out the tunnel, i.e.
/ip firewall mangle
add action=change-mss chain=forward new-mss=1250 out-interface=eoip-tunnel1 passthrough=no protocol=tcp tcp-flags=syn tcp-mss=1251-65535
MTCNA, MTCTCE, MTCRE & MTCINE
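
An added illustration of what the `change-mss` rule in the post above does to a matching packet (this is not code from the thread or from RouterOS): a TCP SYN whose MSS option is 1251 or larger has the option rewritten to 1250 and the TCP checksum patched incrementally per RFC 1624. The function names and the sample segment (addresses, ports, window) are constructed for the example.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data, returned as the 16-bit field value."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_syn_mss(tcp: bytes, new_mss: int = 1250, match_min: int = 1251) -> bytes:
    """Lower the MSS option of a SYN, like tcp-flags=syn tcp-mss=1251-65535 new-mss=1250."""
    if len(tcp) < 20 or not tcp[13] & 0x02:       # too short, or SYN flag not set
        return tcp
    end = min((tcp[12] >> 4) * 4, len(tcp))       # data offset marks the end of options
    i = 20
    while i + 1 < end and tcp[i] != 0:            # kind 0 = end of option list
        if tcp[i] == 1:                           # kind 1 = NOP, a single byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > end:        # malformed option: leave untouched
            return tcp
        if tcp[i] == 2 and length == 4:           # kind 2 = MSS
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old < match_min:                   # already small enough: rule does not match
                return tcp
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, new_mss)
            if (i + 2) % 2:                       # value straddles two checksum words
                old, new_mss = (old >> 8 | old << 8) & 0xFFFF, (new_mss >> 8 | new_mss << 8) & 0xFFFF
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            hc = struct.unpack_from("!H", tcp, 16)[0]
            delta = struct.pack("!3H", ~hc & 0xFFFF, ~old & 0xFFFF, new_mss)
            struct.pack_into("!H", out, 16, csum(delta))
            return bytes(out)
        i += length
    return tcp

# Constructed sample data: the addresses, ports and window below are made up.
PSEUDO_IPS = bytes([10, 0, 0, 1, 10, 0, 0, 2])

def pseudo_csum(tcp: bytes) -> int:  # 0 means the segment's checksum verifies
    return csum(PSEUDO_IPS + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)

def build_syn(opts: bytes) -> bytes:  # opts length must be a multiple of 4
    hdr = struct.pack("!HHIIBBHHH", 40000, 445, 1, 0, (5 + len(opts) // 4) << 4,
                      0x02, 64240, 0, 0) + opts
    return hdr[:16] + struct.pack("!H", pseudo_csum(hdr)) + hdr[18:]
```

Only the SYN is rewritten because the MSS is announced once, in the handshake; both endpoints then size their segments to the clamped value for the life of the connection.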
 
halacs
Frequent Visitor
Topic Author
Posts: 69
Joined: Thu Jul 06, 2017 5:45 pm

Re: EoIP Tunnel Clamp TPC MSS

Wed Feb 10, 2021 3:53 pm

I can't set out interface to the tunnel:
"in/out-interface matcher not possible when interface (eoip-tunnel-xxx) is slave - use master instead (bridge1)"

On bridge1 I have vlan tags also and I use it so far in the mangle rule as out interface.
