2010.01_Cisco Routers with PPPOE Internet Connection_[Cisco].pdf

BASICS

M. YOUSUF FAISAL

Cisco Routers with

PPPOE Internet

Connection

Difficulty

In this article will be discussed is how TCP MSS (Maximum

Segment Size) and MTU (Maximum Transmission Unit) values are

of significant importance. A little brief basics about both MSS and

MTU that we should consider before implementing PPPOE based

internet connections and why the default settings results in your

application and internet performance degradation.

non-Cisco router device, connected to

your internet connection using PPPOE

(assuming that the internet link is fine and all

the tests have been done to make sure there

are no issues with the internet connection

itself)? Immediately after that the users’

starts complaining about the web browsing

performance degradation and perhaps some

sites and even other TCP applications timing-out

often.

And when you do your testing with a basic

ping test or by doing a nslookup on the domain

name you can find out that these sites have

proper replies / responses but yet they cannot be

loaded on the browser on the PC.

should only see this option used during the SYN

and SYN/ACK phase of the 3-way-handshake.

The MSS TCP Option occupies 4 bytes (32 bits)

of length.

MTU and MTU Values:

MTU or Maximum Transmission Unit is the size

of the largest packet that a network protocol can

transmit. There is nothing as such like universal

MTU value. On different MTU values performance

will going to vary depending on the subject

TCP/IP application. Nevertheless, there are

RFC specifications that specify the default MTU

values for standard protocols. Therefore, these

default values should be your starting point for an

optimum setting. Below are some sample RFC's

for MTU (see Table 1).

MSS helps define the MTU used on the

network. MSS and MTU work on different

layers.

Solution – Adjusting TCP

Maximum Segment Size

(MSS) and MTU Value

When you dig deeper and check for solutions on

Google or on Cisco.com it turns out to be that

the problem was the default MTU settings on

your router device. To overcome this issue the

solution is to specify the MTU setting on each

interface.

WHAT YOU SHOULD

KNOW...

Basic understanding of OSI

model, TCP/IP, how to configure

Cisco routers and understanding

on how client / server TCP

communication takes place.

Table 1. Some Protocols, RFC and their MTU

Values.

Protocol RFC MTU

Default

879

576

PPPOE

2516

1492

WHAT YOU WILL

LEARN...

Basics of MTU and MSS and

how to configure correct settings

on Cisco Routers when PPPOE

connection is used.

The Basics:

Maximum Segment Size (MSS)

The Maximum Segment Size is used to define

the maximum segment that will be used during

a connection between two hosts. As such, you

PPP default

1134

1500

Ethernet

895

1500

PPP (low relay)

1144

296

SLIP

1055

1006

36 CISCO 1/2009

E ver wondered when you change your

CISCO ROUTERS WITH PPPOE INTERNET CONNECTION

Maximum Segment Size consists of

the Data segment, while the Maximum

Transfer Unit includes the TCP Header,

MSS and the IP Header. The TCP

Header and Data is called a Segment

(Layer 4), while the IP Header and the

Segment is called an IP Datagram

(Layer 3). Hence, MSS works on layer 4

and MTU works on layer 3. MSS value

should be less then your MTU value,

usually around 40 bytes.

Now regardless of the size, the MTU

Data link layer places an additional

18 bytes of overhead. This overhead

includes the Source and Destination

MAC Address, the Protocol type,

followed by the Frame Check Sequence

placed at the end of the frame. This

is also the reason why we can only

have a maximum MTU of 1500 bytes.

Since the maximum size of an Ethernet

II frame is 1518 bytes, subtracting 18

bytes (Data link overhead) leaves 1500

bytes.

TCP usually computes the

Maximum Segment Size (MSS) that

results in IP Datagrams that match

the network MTU. In practice, this

means the MSS will have such a

value that if we add the IP Header as

well, the IP Datagram (IP Header+TCP

Header+DATA) would be equal to the

network MTU.

When a host (client) initiates a TCP

session with a server, it negotiates the IP

segment size by using the MSS option

field in the TCP SYN packet. The value of

the MSS is determined by the maximum

transmission unit (MTU) configuration on

the host. The default MSS value for a PC

is 1500 bytes.

By standard, PPP over Ethernet

(PPPoE) supports a MTU value of only

1492 bytes. The difference between the

host and PPPoE MTU size can cause

the router in between the host and the

server to drop 1500-byte packets and

terminate TCP sessions over the PPPoE

network. Even if the path MTU (which

detects the correct MTU across the path)

is enabled on the host, sessions may be

dropped because system administrators

sometimes disable the ICMP error

messages that must be relayed from the

host in order for path MTU to work. For

more information on PPPoE please refer

to the RFC-2516 ( http://www.faqs.org/rfcs/

rfc2516.html ).

In most cases, the optimum value is

calculated as:

MSS=1452 bytes + IP header=20

bytes + TCP header=20 bytes + PPPoE

header=8 bytes which equals to a total

bytes of 1500-byte packet that matches

the MTU size for the Ethernet link.

Adjusting MSS size and

MTU values on Cisco

Routers

The ip tcp adjust-mss command helps

prevent TCP sessions from being

dropped by adjusting the MSS value of

the TCP SYN packets and is effective only

for TCP connections passing through the

router.

If you are configuring the ip mtu

command on the same interface as

the ip tcp adjust-mss command, it is

recommended that you use the following

commands and values:

ip tcp adjust-mss 1452

ip mtu 1492

Now in order to adjust the MSS size

and MTU values, do the following: see

Listing 1.

What we learn here, is that we would

want to use the optimum values defined

by the protocol’s relevant RFC rather

then the default MTU values assigned by

the hardware devices in our case here

being PPPOE as a protocol and Cisco

Router as hardware device respectively.

As with any other network device in

use with different protocols, the default

settings, though does work but are and

should not be considered as the optimal

settings. So especially in regards to

connectivity where PPPOE connections

are being utilized then the MTU value

should be 1492 and MSS value should

be 1452 instead of the default MTU value

of 1500.

Listing 1. Configuring MTU and TCP-MSS values on Cisco Routers

Cisco > enable

Cisco # conigure terminal

Cisco ( conig ) # interface type number (e.g; interface Ethernet 0/0)

Cisco ( conig - if ) # ip tcp adjust-mss max-segment-size (e.g; ip tcp adjust-mss

1452)

Cisco ( conig - if ) # ip mtu bytes (e.g; ip mtu 1492)

end

To return the MSS value to the default setting , use the no form of this command .

ip tcp adjust - mss max - segment - size

no ip tcp adjust - mss max - segment - size

Where , max - segment - size is in the range of 500 to 1460 bytes

Verifying TCP MSS Adjustments

Verify the coniguration of the TCP MSS adjustment .

Router # show running-conig interface ethernet0/0

Building coniguration ...

Current coniguration : 90 bytes

interface ethernet1 / 1

ip address 192.168 . 0.1 255.255 . 255.0

ip tcp adjust - mss 1452

duplex half

M. Yousuf Faisal

Information Security Consultant

8 years of professional work experience in Data

Networks and Information Security. He’s based in

Hong Kong as an Information Security Consultant

in Hill & Associates Ltd. He has a diversified

experience working for different industries mainly in

professional services/consulting firm, private enterprise

manufacturing concern, ISP operations and telecoms

sectors. He’s also certified as an EnCE, PCI-QSA,

CISSP, CISA, CCNP, CCNA, and MCSA.

1/2009

CISCO

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: