Hi,

Normally you would see ICMP "message too big" errors on the network. Sometimes those ICMP messages get blocked on a firewall and fail to reach their destination. Make sure that RELATED connections are allowed by any stateful firewalls in the network.

I know TCP MSS can be set per route, but I usually stick to TCP MSS clamping via netfilter. https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html gives a good example, but use POSTROUTING instead of FORWARDING when using those rules on the endpoints.

If all else fails, the --set-mss option can be used to test even lower values and stick a hard coded value on it to validate your assumptions.

Kind regards,
Erwin

On Tue, Nov 29, 2022 at 1:47 AM L A Walsh <suse@tlinx.org> wrote:
I use a 9k mtu on my 10gb network @ home -- only exists between my desktop & my server where it can be worthwhile.
Bridged to that NW is a 1gb, 1.5k mtu network used for my home IOT (Internet of Things). This works for administrative traffic, for the most part, but in gaining some new 'things', some wish to talk to a media/file server on the higher BW net.
Someone referred me to possibly using tcp mss clamping, though they were using it in the context of a VPN tunnel which I'm not using.
I'm wondering if it is as simple as installing routes with mtu clamping so hosts wanting (needing) to go to a smaller mtu would take the appropriate network and talk with smaller packets. Seems there may be something missing there since some traffic can be ip-level w/no tcp in play (ex: dns). Doesn't seem that would really work too well...
Has anyone had any experience w/this type of setup?
tnx!
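
The netfilter approach from the reply above, written out as an added example that is not part of either message: a script that prints, for review, the RELATED accept rule and the POSTROUTING MSS clamp for an endpoint, either PMTU-based or with a hard-coded --set-mss value. The interface name eth0 and the function names are assumptions; the MSS arithmetic assumes IP and TCP headers without options.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
# Assumed names (not from the thread): interface "eth0", the functions below.

# MSS = MTU minus IP and TCP headers without options:
# 20 + 20 bytes for IPv4, 40 + 20 bytes for IPv6.
mss_for_mtu() {
    mtu=$1 family=${2:-4}
    case "$mtu" in
        ''|*[!0-9]*) echo "MTU must be a positive integer" >&2; return 1 ;;
    esac
    case "$family" in
        4) overhead=40 min=68 ;;      # minimum IPv4 MTU
        6) overhead=60 min=1280 ;;    # minimum IPv6 MTU
        *) echo "family must be 4 or 6" >&2; return 1 ;;
    esac
    [ "$mtu" -ge "$min" ] || { echo "MTU $mtu below minimum $min" >&2; return 1; }
    echo $((mtu - overhead))
}

# clamp_rules IFACE [MTU [FAMILY]]
# Without MTU: clamp to the path MTU the kernel knows for the route.
# With MTU: hard-code the MSS, the fallback test described in the reply.
clamp_rules() {
    iface=$1 fam=${3:-4}
    case "$fam" in 4) tool=iptables ;; 6) tool=ip6tables ;; *) return 1 ;; esac
    if [ -n "${2:-}" ]; then
        mss=$(mss_for_mtu "$2" "$fam") || return 1
        action="--set-mss $mss"
    else
        action="--clamp-mss-to-pmtu"
    fi
    # Let ICMP errors tied to tracked connections through the stateful filter.
    echo "$tool -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Rewrite the MSS option on outgoing SYNs (endpoint, so POSTROUTING).
    echo "$tool -t mangle -A POSTROUTING -o $iface -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $action"
}

clamp_rules eth0          # PMTU-based clamp
clamp_rules eth0 1500     # hard-coded MSS for a 1.5k segment
```

The clamp only rewrites TCP SYN packets, so non-TCP traffic such as the DNS case raised in the original message still depends on the ICMP errors getting through.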