tcp-mss (Internet Options)
Syntax
tcp-mss bytes;
Hierarchy Level
[edit system internet-options]
Description
Enable and specify the TCP maximum segment size (MSS) for IPV4 traffic in bytes.
When the device receives a TCP packet with the SYN bit and MSS option set, it
examines the MSS value. If the MSS option specified in the packet is larger than the
MSS you configured with the tcp-mss statement, the router replaces
the MSS value in the packet with the lower value you configured.
This configuration statement is for transit packets. To adjust the TCP MSS for host-originated packets, see tcp-mss (Protocols BGP).
There are
multiple factors that define the MSS value for TCP packets, which are reflected in
the MSS value displayed in the output of the show system connections command:
-
The MSS value offered by the peer in the SYN packet.
-
Rounding the MSS off to the nearest multiple of 2048.
-
The MTU value of the interface.
-
The configured path MTU value.
-
Whether TCP sessions are not directly connected and path MTU discovery is disabled.
-
Whether the TCP sessions are on a directly-connected network.
This statement enables you to specify the MSS size in TCP SYN packets used during session establishment. Decreasing the MSS size helps to limit packet fragmentation and to protect against packet loss that can occur when a packet must be fragmented to meet the MTU size but the packet’s DF (don’t fragment) bit is set.
SRX Series Firewalls running in packet mode with MPLS do not support TCP MSS.
Options
| bytes |
TCP MSS value for SYN packets with a higher MSS value set.
|
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.2. Use Feature Explorer to confirm platform and release support for this feature.