Community discussions

MUM Europe 2020
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Topic Author
Posts: 285
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

PPPoE Change MSS

Fri Apr 01, 2011 11:49 pm

Hey Forum Guru's,

I've had a search around - read the wiki and im not too clear on something.

On the PPPoE Server (So on the AP side) we have TCP change MSS enabled which creates Dynamic rules for each PPPoE - this is good :)

On the client side (CPE) where the PPPoE client resides, it ALSO creates these rules for each PPPoE enabled on the client (sometimes 2)

Does it need to be on both sides? Could i turn it off safely on the client side to reduce load on our older boards (133c, 112)? Will this break anything? Quick testing suggests no, but no harm in asking.

Cheers guys!
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: PPPoE Change MSS

Sat Apr 02, 2011 12:00 am

Router only is fine, unless you permit inbound connections (port forward, or public IPs) - in which case you can still do it on the router, but would want to do it both ways. It's a transparent change on the initial SYN packet in a TCP connection. http://www.cisco.com/en/US/docs/ios/12_ ... admss.html has a nice description of how it works on Cisco, the same principle applies on RouterOS.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Topic Author
Posts: 285
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: PPPoE Change MSS

Sat Apr 02, 2011 12:04 am

Thanks for that.

I'm still not entirely clear on what you mean thought.

On the AP (PPPoE Server) there appears two dynamic rules for each PPPoE (one in, one out)
On the CPE (PPPoE Client) there appears the same two rules.

We give clients an external IP via PPPoE and NAT that on their CPE.

So can i take these rules off of the CPE, leaving the AP only to do the SYN packet changes if required?
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: PPPoE Change MSS

Sat Apr 02, 2011 12:15 am

Yes, you can. As long as a router between the source of the connection and the destination of the connection changes the MSS on the initial SYN packet, everything will work just fine. Since your AP is between your customers and virtually all destinations they could go to, having the rule just on the AP will be sufficient.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Topic Author
Posts: 285
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: PPPoE Change MSS

Sat Apr 02, 2011 12:29 am

Excellent, thanks Fewi :) Better to ask, than having a ton of angry customers calling! We still have around 200 133c's in the field :/ Too old to upgrade to ROS5, too expensve to replace :P lol

Who is online

Users browsing this forum: draid, MSN [Bot], vortex and 153 guests