Configuring syn-proxy auto control, Negotiated mss value set – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Page 93

Advertising
background image

Brocade Virtual ADX Security Guide

81

53-1003250-01

Configuring Syn-Proxy

5

The mss-value variable specifies MSS value for all SYN-ACK packets generated by the Brocade
Virtual ADX for the port specified by the port-value variable regardless of the client MSS value. This
value can be from 64 to 9216. Make sure that the IP MTU of the interfaces is always greater than
the MSS value.

Setting the MSS value for pass-through traffic to a specified destination IP
address

To set the MSS value for Brocade Virtual ADX pass-through traffic to a specified destination IP
address, use the following commands.

Virtual ADX(config)#tcp-mss 128 destination-ip 10.95.55.1

For IPv4

Syntax: [no] tcp-mss mss-value destination-ip ip-address

For IPv6

Syntax: [no] tcp-mss mss-value destination-ipv6 ipv6-address

The mss-value variable specifies MSS value for all SYN-ACK packets that are Brocade Virtual ADX
pass-through traffic to a destination IP address specified by the ip-address variable. This value can
be from 64 to 9216. Make sure that the IP MTU of the interfaces is always greater than the MSS
value.

The ip-address or ipv6-address cannot be a Virtual server IP address.

Negotiated MSS value set

Once the tcp-mss command is configured with the minimum value, the Brocade Virtual ADX will
generate a negotiated MSS value in SYN-ACK base on the configured minimum MSS value. This
MSS value will be the final MSS value after negotiation.

For example, if a user configures tcp-mss 1200, which is in the range of 1024 and 1440, a Brocade
Virtual ADX will use the lower 1024 as the negotiated MSS value in the SYN-ACK.

Configuring Syn-Proxy auto control

Syn-proxy auto control operates the same as the normal Syn-proxy feature except that it is enabled
and disabled based-on the arrival rate of TCP SYN packets on the Brocade Virtual ADX. This is
described in

“Syn-Proxy auto control”

on page 75. The following steps describe how to configure

your Brocade Virtual ADX for Syn-proxy auto control.

TABLE 6

MSS values for IPv4, IPv6 and IPv4 jumbo

MSS value

IPv4

64, 256, 536, 966, 1024, 1440, 1452, 1460

IPv6

1004, 1200, 1220, 1280, 1360, 1420, 1432, 1440

IPv4 Jumbo

256, 536, 966, 1024, 1452, 1460, 4038, 8960

Advertising
Popular Brands
Popular manuals