Dear list members,
I am using PPPoE over GPON (FTTH) in Turkiye, HATAY. Provider is
NetInternet Datacenter, Denizli, TR.
We have a written conversation with Turk Telecom to increase MTU from
1492 to 1500 as we use Mikrotik CCR that supports 1508 bytes (baby), 9kb
and 10kb jumbo frames.
I am running a non-commercial R&D network for myself. They responded
negatively to their reseller (the datacenter). They do not provide DHCP
over GPON (IPoE) or DotX.
Why would I request that (1500 bytes MTU) while there is TCP MSS clamping?!
Unfortunately I have come to the understanding that enabling Mikrotik's TCP
MSS Clamping PPP profile, in addition to the IPv4+IPv6 clamp-to-pmtu rule,
does not work in both ways.
How did I find that? I added a filter rule with LOG action for packet size >
1492 and/or for TCP packets > 1452 MSS. There were lots of packets
bypassing clamping.
After that, I added the following rules, and email-loads and page-loads are
much FASTER, without any renegotiations.
/ipv6 firewall mangle
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,!syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,!syn
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,!syn
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack,!syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack,!syn
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack,!syn
/ip firewall mangle
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,!syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,!syn
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,!syn
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack
add action=change-mss chain=postrouting new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack,!syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack,!syn
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,ack,!syn
But couldn't and shouldn't all of this be possible with a single rule? Or
shouldn't the PPP profile setting consider ACKs and any other flags that can be
added to SYN?!
Thanks for reading and looking forward to HEAR feedback from you all.
Regards
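
An added example, not part of the original message: what an MSS clamp has to do to a single TCP segment, namely find the MSS option (it is carried only in segments with SYN set, so SYN and SYN-ACK), lower it to path MTU minus headers (1452 for IPv4 and 1432 for IPv6 at MTU 1492), and patch the checksum. The function names and the constructed sample segment are assumptions of this example, and it assumes no IPv4 options or IPv6 extension headers.

```python
import struct

TCP_SYN = 0x02
IP_HDR = {4: 20, 6: 40}  # assumes no IPv4 options / IPv6 extension headers
TCP_HDR = 20
# Constructed SYN: ports 49152->443, MSS option 1460; checksum covers the
# segment only (pseudo-header omitted to keep the sample short).
SAMPLE_SYN = bytes.fromhex("c00001bb00000000000000006002ffffd6890000020405b4")

def clamp_target(path_mtu, ip_version):
    """Largest MSS whose segments fit path_mtu unfragmented."""
    return path_mtu - IP_HDR[ip_version] - TCP_HDR

def find_mss(tcp):
    """Return (offset of the 16-bit MSS value, MSS) or None."""
    end = min((tcp[12] >> 4) * 4, len(tcp))
    i = TCP_HDR
    while i < end:
        kind = tcp[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            break                # truncated or malformed option
        if kind == 2 and tcp[i + 1] == 4:
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += tcp[i + 1]
    return None

def csum_fixup(csum, old, new):
    """Incremental checksum update (RFC 1624): HC' = ~(~HC + ~m + m')."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_segment(tcp, path_mtu, ip_version):
    """Return (segment, old_mss, new_mss); non-SYN segments pass untouched."""
    found = find_mss(tcp) if tcp[13] & TCP_SYN else None
    if found is None:
        return tcp, None, None
    off, mss = found
    new = min(mss, clamp_target(path_mtu, ip_version))
    if new == mss:
        return tcp, mss, mss
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, new)
    # An MSS value at an odd offset straddles two checksum words: swap bytes.
    fix = (lambda v: (v >> 8) | ((v & 0xFF) << 8)) if off & 1 else (lambda v: v)
    csum = csum_fixup(struct.unpack_from("!H", tcp, 16)[0], fix(mss), fix(new))
    struct.pack_into("!H", out, 16, csum)
    return bytes(out), mss, new
```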