Subject: Re: Patch for limiting TCP MSS (i.e. for new PPPoE)
To: None <kml@selresearch.net>
From: Martin Husemann <martin@duskware.de>
List: tech-net
Date: 12/06/2001 21:20:28
> The problem is that we're concerned about the *other* end of
> the connection, which needs to implement it as well. It seems
> quite a bit tougher to detect this dynamically, and restart
> the TCP connection on our end with a smaller TCP MSS.
This is true, and furthermore: we are the router, it's not our MSS but that
of some Windows system in the NATed LAN behind us.
I've been through this with several firewall admins, once even with heavy
pressure as my company is important for them - no dice.
Those people are stupid idiots. They argue: other people with PPPoE/NAT routers
have this working against our setup. And, of course, they do not even try to
understand the technical reasoning why their setup is broken - since it works
for everyone besides me, it can't be broken, so why ever think about it.
If common PPPoE routers didn't do MSS clamping by default, I'd say we have
a chance. But in current reality, there is not the smallest chance for us to
win this war.
So basically we *need* to implement MSS clamping - as an option, of course
with default OFF.
Martin
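
What MSS clamping on a forwarding router involves, as an added example that is not part of the original message or of the patch under discussion: the router lowers the MSS option in SYN segments passing through it and repairs the TCP checksum. The function names, the sample addresses and ports, and the 1452-byte limit used in testing (PPPoE's 1492-byte MTU minus 40 bytes of IPv4 and TCP headers) are assumptions made for this illustration.

```python
import struct

def clamp_mss(segment: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of a TCP SYN to max_mss; other input is returned unchanged."""
    hdr_len = (segment[12] >> 4) * 4 if len(segment) >= 20 else 0
    if not 20 <= hdr_len <= len(segment) or not segment[13] & 0x02:
        return segment                                   # short, bad offset, or not a SYN
    i = 20
    while i < hdr_len:
        kind = segment[i]
        if kind == 0:                                    # End of Option List
            break
        if kind == 1:                                    # NOP is a single byte
            i += 1
            continue
        length = segment[i + 1] if i + 1 < hdr_len else 0
        if length < 2 or i + length > hdr_len:
            return segment                               # malformed options: do not guess
        if kind == 2 and length == 4:                    # MSS option
            if struct.unpack_from("!H", segment, i + 2)[0] <= max_mss:
                return segment                           # already small enough
            out = bytearray(segment)
            struct.pack_into("!H", out, i + 2, max_mss)
            # Incremental checksum update (RFC 1624) over each aligned 16-bit
            # word the MSS value touches (two words if a NOP misaligned it).
            s = ~struct.unpack_from("!H", segment, 16)[0] & 0xFFFF
            for w in range((i + 2) & ~1, i + 4, 2):
                s += ~struct.unpack_from("!H", segment, w)[0] & 0xFFFF
                s += struct.unpack_from("!H", out, w)[0]
            while s >> 16:
                s = (s & 0xFFFF) + (s >> 16)
            struct.pack_into("!H", out, 16, ~s & 0xFFFF)
            return bytes(out)
        i += length
    return segment

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Full TCP checksum over the IPv4 pseudo-header and segment (checksum field zeroed)."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(segment)) + segment[:16] + b"\0\0" + segment[18:]
    data += b"\0" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

# Constructed sample: SYN 192.168.1.10:40000 -> 198.51.100.7:80 advertising MSS 1460
SRC, DST = bytes([192, 168, 1, 10]), bytes([198, 51, 100, 7])
_raw = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x60, 0x02, 65535, 0, 0) + bytes([2, 4, 0x05, 0xB4])
SYN = _raw[:16] + struct.pack("!H", tcp_checksum(SRC, DST, _raw)) + _raw[18:]
```

Because the SYN flag is also set on SYN-ACK segments, the same function covers both directions of the handshake.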