Configuring Service Set Limitations

You can set the following limitations on service set capacity:

• You can limit the maximum number of flows allowed per service set. To configure the maximum value, include the max-flows statement at the [edit services service-set service-set-name] hierarchy level:

  max-flows number;

  The max-flows statement permits you to assign a single flow limit value. For IDS service sets only, you can specify various types of flow limits with a finer degree of control. For more information, see the description of the session-limit statement in Intrusion Detection Service Configuration Guidelines.

• You can limit the maximum segment size (MSS) allowed by the Transmission Control Protocol (TCP). To configure the maximum value, include the tcp-mss statement at the [edit services service-set service-set-name] hierarchy level:

  tcp-mss number;

  The TCP protocol negotiates an MSS value during session connection establishment between two peers. The MSS value negotiated is primarily based on the MTU of the interfaces to which the communicating peers are directly connected to. However in the network, due to variation in link MTU on the path taken by the TCP packets, some packets which are still well within the MSS value may be fragmented when the concerned packet's size exceeds the link's MTU.

  If the router receives a TCP packet with the SYN bit and MSS option set and the MSS option specified in the packet is larger than the MSS value specified by the tcp-mss statement, the router replaces the MSS value in the packet with the lower value specified by the tcp-mss statement. The range for the tcp-mss mss-value parameter is from 536 through 65535.

  To view statistics of SYN packets received and SYN packets whose MSS value, is modified, issue the show services service-sets statistics tcp-mss operational mode command. For more information on this topic, see the JUNOS System Basics Configuration Guide.