Hierarchy of operation, Setting the mss value at the global level, Setting the mss value at the virtual server level – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide

53-1002440-03

Configuring Syn-Proxy


Virtual server level – configures the TCP MSS value for all virtual ports under a specified virtual server

Virtual port level – configures the TCP MSS value for a specified virtual port

Destination IP – configures the TCP MSS value for pass-through traffic to a specified destination IP address

NOTE

tcp-mss will work when syn-proxy is enabled. If syn-proxy is turned off, tcp-mss will not take effect.

If the configured minimum MSS is larger than the client's actual MSS value, the ServerIron ADX will
use the client's MSS value in SYN-ACK.

Hierarchy of operation

When multiple levels of the minimum MSS value are configured, the MSS value used by the
ServerIron ADX is determined by the following hierarchy.

1. Virtual Port level – Values configured at this level take precedence over any other MSS setting on the ServerIron ADX.

2. Virtual Server level – Only values configured at the Virtual Port level take precedence over MSS values configured at this level.

3. Global level – Values configured at this level take effect over all SYN-ACK packets generated by a ServerIron ADX unless the MSS value is configured at one of the levels previously described in 1, 2 or 3.
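
The selection rules above, modelled as an added Python example (not Brocade code and not ServerIron ADX CLI). The function names are hypothetical; the 64 to 9216 range and the IP MTU check come from the tcp-mss syntax description on this page, and returning None when syn-proxy is off or no level is configured is an assumption meaning "no tcp-mss override applies". The destination IP level is left out because the hierarchy does not rank it.

```python
"""Model of the minimum-MSS selection for SYN-ACKs (added example)."""
from typing import Optional, Tuple

MSS_MIN, MSS_MAX = 64, 9216  # configurable tcp-mss range stated on this page


def validate_mss(value: int, ip_mtu: int) -> int:
    """Reject values outside the documented range or not below the IP MTU."""
    if not MSS_MIN <= value <= MSS_MAX:
        raise ValueError(f"tcp-mss {value} is outside {MSS_MIN}-{MSS_MAX}")
    if ip_mtu <= value:
        raise ValueError(f"IP MTU {ip_mtu} must be greater than tcp-mss {value}")
    return value


def configured_mss(port: Optional[int], server: Optional[int],
                   global_: Optional[int]) -> Optional[Tuple[str, int]]:
    """Return (level, value) for the most specific level that is configured."""
    levels = (("virtual-port", port),
              ("virtual-server", server),
              ("global", global_))
    for level, value in levels:
        if value is not None:
            return level, value
    return None


def synack_mss(client_mss: int, syn_proxy: bool,
               port: Optional[int] = None, server: Optional[int] = None,
               global_: Optional[int] = None,
               ip_mtu: int = 1500) -> Optional[int]:
    """MSS placed in the SYN-ACK, or None when no tcp-mss setting applies."""
    if not syn_proxy:
        return None  # tcp-mss has no effect while syn-proxy is off
    chosen = configured_mss(port, server, global_)
    if chosen is None:
        return None  # assumption: nothing configured means no override
    value = validate_mss(chosen[1], ip_mtu)
    # A configured value larger than the client's MSS yields the client's MSS.
    return min(value, client_mss)


if __name__ == "__main__":
    # Constructed inputs: client advertises 1460, all three levels configured.
    print(synack_mss(1460, True, port=256, server=128, global_=512))
```
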

Setting the MSS value at the global level

To globally set the MSS value for all SYN-ACK packets generated by a ServerIron ADX, use the
following command:

ServerIronADX(config)# tcp-mss 128

Syntax: [no] tcp-mss <mss-value>

The <mss-value> variable specifies the MSS value for all SYN-ACK packets generated by the ServerIron
ADX regardless of the client’s MSS value. This value can be from 64 to 9216. Make sure that the IP
MTU of the interfaces is always greater than the MSS value.

NOTE

When tcp-mss is configured at the global level, the same value will work for both IPv4 traffic and IPv6
traffic.

Setting the MSS value at the virtual server level

To set the MSS value for all of the ports under a virtual server on a ServerIron ADX, use the
following command:

ServerIronADX(config)# server virtual-name-or-ip v1

ServerIronADX(config-vs-v1)# tcp-mss 128

Syntax: [no] tcp-mss <mss-value>
