[H-GEN] adsl help

Tony Nugent tony at linuxworks.com.au
Fri Feb 7 18:20:56 EST 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Sat Feb 08 2003 at 07:19, David Duffy wrote:

> >Setting up and ADLS modem is just as easy. I use Roaring Penguin PPPoE
> >(don't know who doesn't) on Mandrake 9.0 boxes.
> 
> This is assuming a dynamic IP. If using a static IP ADSL connection, you don't
> need any software. The modem appears as another direct IP address.

Wow, that's interesting.  So then there's no "overhead" with packet
sizes?  If so, then oh so sweet - a permanent IP is what I want!! :)

In my experience using adsl (with pppoe and dynamic IP) there are
some quirks to know about that involve having to do MSS clamping to
limit the maxumim size of tcp packets.  It can sometimes be a real
problem.

Some background:

  MSS = maximum segment size, which is one of the parameters
  negotiated when setting up a tcpip session.  For ethernet this is
  usually 1460 bytes/packet

  This is an example of the start of a standard tcp session (using
  ssh over ethernet), note the mss negotiation setting...

  08:35:44.418255 192.168.2.1.35695 > 192.168.2.11.ssh: S 2360269115:2360269115(0) \
      win 5840 <mss 1460,sackOK,timestamp 168511975 0,nop,wscale 0> (DF)
  08:35:44.421607 192.168.2.11.ssh > 192.168.2.1.35695: S   2376714027:2376714027(0) \
      ack 2360269116 win 5792 <mss 1460,sackOK,timestamp 161393675 168511975,nop,wscale 0> (DF)

  All well and good, but if you are using transport methods that
  limit the physical packet size, then the mss must be set so that
  the negotiated packet size is no bigger than the capabilities of
  the "transport media".

  ipip tunnels are one classic example... the encapsulation of the
  tunnelled traffic involves adding overhead with an extra tcpip
  header (20 bytes?) wrapped around the payload, thus effectively
  increasing the size of the resulting packet.

  Usually mss parameters are wide enough to cope (ethernet mtu is
  1500 bytes) so this is often not a problem, but when the ipip
  packet itself goes through yet another tunnel (or pppoe) that adds
  yet more overhead, then things can quickly come to a sudden and
  puzzling halt.

  pppoe is ppp-over-ethernet (an "encapsulation" protocol), and if
  the box is acting as a gateway router for a lan, then mss clamping
  with MSS is usually set at 1412 bytes (in its config file).  If
  you are using ipip over adsl then it simply won't work well at all
  unless mss is set even lower for that traffic.

  Classic example where this problem can bite:  doing nfs over an ip
  tunnel, where that tunnel goes over an adsl connection.  Ouch :)

  mss clamping can be controlled to some degree by iptables to alter
  the mss value in syn packets, although it is not at all well
  documented.  Here is example of using it:

    iptables -A FORWARD -o tunl0 \
       -p tcp -m tcp --syn \
       -m tcpmss --mss 1401:2000 -j TCPMSS --set-mss 1400

Cheers
Tony

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list