Hello,

I have an interesting question. I can't find a solution anywhere to this problem.

I have an adsl connection which is able to send a full data packet in about 150ms. I want to cut this time down to decrease latency while serving files, so I thought I'd try and reduce the packet size for the offending upload streams (my webserver). The trick is that I also want all other tcp connections to have the normal full packet size. Enter MSS-clamping. My pppoe client for linux can do mss clamping on every packet that goes out and comes in. Not enough control. There is an option to do mss-clamping in iptables, however this only works in the forward table. I can't match and control outgoing web connections, just connections getting routed through the machine. Any ideas?

-Ross Skaliotis

Hi,

MSS can be clamped per route. See ip tool and LARTC howto
for syntax. I'm using it with great success.
devik

> MSS-clamping. My pppoe client for linux can do mss clamping on every
> packet that goes out and comes in. Not enough control. There is an option
> to do mss-clamping in iptables, however this only works in the forward
> table. I can't match and control outgoing web connections, just
> connections getting routed through the machine. Any ideas?

On Mon, Feb 25, 2002 at 12:13:53AM -0500, Ross Skaliotis wrote:
> Hello,
>
> I have an interesting question. I can't find a solution anywhere to this
> problem.
>
> I have an adsl connection which is able to send a full data packet in
> about 150ms. I want to cut this time down to decrease latency while
> serving files, so I thought I'd try and reduce the packet size for the
> offending upload streams (my webserver). The trick is that I also want all
> other tcp connections to have the normal full packet size. Enter
> MSS-clamping. My pppoe client for linux can do mss clamping on every
> packet that goes out and comes in. Not enough control. There is an option
> to do mss-clamping in iptables, however this only works in the forward
> table. I can't match and control outgoing web connections, just

Control and outgoing can be done with regular MTU settings. Just lower the
MTU size of your ppp interface and the kernel will set a lower MSS
automatically.

You can also set MTU per route.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO

> > other tcp connections to have the normal full packet size. Enter
> > MSS-clamping. My pppoe client for linux can do mss clamping on every
> > packet that goes out and comes in. Not enough control. There is an option
> > to do mss-clamping in iptables, however this only works in the forward
> > table. I can't match and control outgoing web connections, just
>
> Control and outgoing can be done with regular MTU settings. Just lower the
> MTU size of your ppp interface and the kernel will set a lower MSS
> automatically.

Be VERY careful when doing it. There are too many websites blocking
MTU discovery protocol and you will be no longer able to reach them.
These system maintainers should be shot. :-\
Setting max MSS in route is better way ..

> You can also set MTU per route.

you probably wanted to say MSS here ?

devik

On Mon, Feb 25, 2002 at 12:58:54PM +0100, Martin Devera wrote:
> > > other tcp connections to have the normal full packet size. Enter
> > > MSS-clamping. My pppoe client for linux can do mss clamping on every
> > > packet that goes out and comes in. Not enough control. There is an option
> > > to do mss-clamping in iptables, however this only works in the forward
> > > table. I can't match and control outgoing web connections, just
> >
> > Control and outgoing can be done with regular MTU settings. Just lower the
> > MTU size of your ppp interface and the kernel will set a lower MSS
> > automatically.
>
> Be VERY careful when doing it. There are too many websites blocking
> MTU discovery protocol and you will be no longer able to reach them.
> These system maintainers should be shot. :-\
> Setting max MSS in route is better way ..

Not for locally generated packets - if you lower MTU, MSS will get set too.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO

> > Be VERY careful when doing it. There are too many websites blocking
> > MTU discovery protocol and you will be no longer able to reach them.
> > These system maintainers should be shot. :-\
> > Setting max MSS in route is better way ..
>
> Not for locally generated packets - if you lower MTU, MSS will get set too.

At my production server when I set MTU to 640 (I hoped for better link
utilization) I suddenly was not able to reach some webs from it. I
discovered that they are sending me 1500 byte packets with DF set and
they didn't pay attention to my MTU. It is an obvious problem in MTU
discovery.

You are right that MSS is set to MTU but it is bad luck if you have
small MSS but you can't reach some hosts.

MSS setting for routes works well for me even for locally generated
flows. Is there some problem I don't see ?

regards, devik

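A way to confirm the symptom described in the message above (remote hosts sending 1500-byte packets with DF set after the local MTU was lowered), added here as an example that is not part of the original thread. It parses `tcpdump -v -n` style output and counts, per remote host, inbound DF packets larger than the local MTU; the capture lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed capture in `tcpdump -v -n` layout (documentation address ranges).
SAMPLE = """\
12:00:01.000001 IP (tos 0x0, ttl 52, id 4021, offset 0, flags [DF], proto TCP (6), length 1500)
    198.51.100.7.80 > 192.0.2.10.41022: Flags [.], seq 1:1449, ack 1, win 5840, length 1448
12:00:01.150002 IP (tos 0x0, ttl 52, id 4022, offset 0, flags [DF], proto TCP (6), length 1500)
    198.51.100.7.80 > 192.0.2.10.41022: Flags [.], seq 1449:2897, ack 1, win 5840, length 1448
12:00:02.000003 IP (tos 0x0, ttl 49, id 77, offset 0, flags [DF], proto TCP (6), length 628)
    203.0.113.5.80 > 192.0.2.10.41030: Flags [.], seq 1:577, ack 1, win 5840, length 576
12:00:02.100004 IP (tos 0x0, ttl 64, id 900, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.2.10.41022 > 198.51.100.7.80: Flags [.], ack 2897, win 8192, length 0
12:00:03.000005 IP (tos 0x0, ttl 50, id 15, offset 0, flags [none], proto TCP (6), length 1500)
    203.0.113.9.80 > 192.0.2.10.41040: Flags [.], seq 1:1449, ack 1, win 5840, length 1448
"""

# First line of each record: IP flags and total IP length.
HDR = re.compile(r"flags \[([^\]]*)\], proto \w+ \(\d+\), length (\d+)\)")
# Second (indented) line of each record: "src.port > dst.port:".
ADDR = re.compile(r"^\s+(\S+) > (\S+):")


def host(endpoint):
    """Strip the trailing .port from an IPv4 'a.b.c.d.port' endpoint."""
    return endpoint.rsplit(".", 1)[0]


def oversized_df(text, local_ip, mtu):
    """Count inbound packets per source that have DF set and exceed mtu."""
    hits = Counter()
    pending = None  # (df_set, ip_length) from the last header line seen
    for line in text.splitlines():
        m = HDR.search(line)
        if m:
            pending = ("DF" in m.group(1).split(","), int(m.group(2)))
            continue
        a = ADDR.match(line)
        if a and pending:
            df, length = pending
            pending = None
            if df and length > mtu and host(a.group(2)) == local_ip:
                hits[host(a.group(1))] += 1
    return hits


if __name__ == "__main__":
    for src, n in oversized_df(SAMPLE, "192.0.2.10", 640).items():
        print(f"{src}: {n} inbound DF packets larger than MTU 640")
```
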
Yes, but is this able to sort streams by tcp port?

-Ross

On Mon, 25 Feb 2002, Martin Devera wrote:
> Hi,
>
> MSS can be clamped per route. See ip tool and LARTC howto
> for syntax. I'm using it with great success.
> devik
>
> > MSS-clamping. My pppoe client for linux can do mss clamping on every
> > packet that goes out and comes in. Not enough control. There is an option
> > to do mss-clamping in iptables, however this only works in the forward
> > table. I can't match and control outgoing web connections, just
> > connections getting routed through the machine. Any ideas?

Hmm .. IIRC the fwmark can be used as routing
key. It might do the trick. Am I right Bert ?

> Yes, but is this able to sort streams by tcp port?
>
> > MSS can be clamped per route. See ip tool and LARTC howto
> > for syntax. I'm using it with great success.
> > devik

On Mon, Feb 25, 2002 at 02:23:48PM +0100, Martin Devera wrote:
> At my production server when I set MTU to 640 (I hoped for better link
> utilization) I suddenly was not able to reach some webs from it. I
> discovered that they are sending me 1500 byte packets with DF set and
> they didn't pay attention to my MTU. It is an obvious problem in MTU
> discovery.
>
> You are right that MSS is set to MTU but it is bad luck if you have
> small MSS but you can't reach some hosts.
>
> MSS setting for routes works well for me even for locally generated
> flows. Is there some problem I don't see ?

No ;-)

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO

> > discovery.
> >
> > You are right that MSS is set to MTU but it is bad luck if you have
> > small MSS but you can't reach some hosts.
> >
> > MSS setting for routes works well for me even for locally generated
> > flows. Is there some problem I don't see ?
>
> No ;-)

So short reply to my long mail ;-)) You are probably really short
of your tea ;)
By the way I finally read your man pages - good work. Once I finish
new htb I could write FIXME parts.

devik

On Mon, Feb 25, 2002 at 02:44:56PM +0100, Martin Devera wrote:
> Hmm .. IIRC the fwmark can be used as routing
> key. It might do the trick. Am I right Bert ?

I think it might!

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO