On 02/11/2013 07:56 PM, Eric A Louie wrote:
I just put in this command on my upstream interfaces to help my mpls network
pass traffic - that is, my effort to eliminate fragmentation in my backbone.
Is anyone else using this method of "mtu control"? I need some support - my CEO
is asking why I have to do this, and who else does it, and is it a common
practice, etc, so I'm looking for evidence, more than just "The Cisco TAC told
me to do it".
We use MSS clamping in a few places - IPSec tunnels, and in front of our
PPTP VPN servers.
In theory, path MTU discovery should make this unnecessary. In practice,
it breaks a lot of the time, due to naive/broken firewall/ACLs and, in
some cases, poor SLB implementations that don't translate the ICMPs
through to the backend.
You will find opinion on MSS clamping to be divided - some people are
opposed to it in principle, others believe it very necessary.
Personally, we found it worked and solved a problem - but I'm not
dogmatic about it.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/