SRX Services Gateway
SRX Services Gateway

all-tcp mss setting required, but why?

[ Edited ]

We have an SRX320 that uses a BT VDSL connection with an MTU of 1492. We have to use an all-tcp mss setting of 1350. In theory, this should be 1452, but I have also read somewhere in Juniper documentation a value of MTU-60 is recommended i.e. 1432. However, neither of these values allow for successful internet browsing. We have identical setups elsewhere which require no specific MSS setting. 1350 seems to the be the sweet spot on this router, but my question is why given the tried and tested calculations out there?

SRX Services Gateway

Re: all-tcp mss setting required, but why?


You are right, 1452 should work.  1492  - 20 bytes for IP header  - 20 bytes for TCP header.

You can try to tracert to from one of the inside hosts and then ping each hop with specified buffer size to find maximum allowed MTU.

Under windows

tracert -d
ping -l 1458 <ip>

If devices along the path respond to ping you will be able to find the bottleneck.


Regards, Wojtek