The tcp min-mss command sets the minimum value of maximum segment size (MSS) for a TCP connection.
The undo tcp min-mss command restores the default minimum value of the MSS for a TCP connection.
The default minimum MSS value for a TCP connection is 216 bytes.
| Parameter | Description | Value |
|---|---|---|
| mss-value | Specifies the minimum MSS value for a TCP connection. | The value ranges from 32 bytes to 1500 bytes. By default, the value is 216 bytes. |
Usage Scenario
To establish a TCP connection, the MSS value is negotiated, which indicates the maximum length of packets that the local device can receive. The TCP client on a network may send a request packet for establishing a TCP connection carrying a small MSS value. For example, the MSS value is 1. After the TCP server receives the request packet carrying the MSS value, the TCP connection is established. The TCP client then may send large numbers of requests to the server by an application, causing the TCP server to generate large numbers of reply packets. This may burden the TCP server or network, causing denial of service (DoS) attacks. To resolve this problem, run the tcp min-mss command to set the minimum MSS value for a TCP connection. This configuration prevents a server from receiving packets carrying a small MSS value.
Precautions
The minimum MSS value configured using this command is not the negotiation parameter value carried in the MSS option. The negotiation parameter value carried in the MSS option of packets sent by the local device is calculated based on the MTU value.
The minimum MSS value configured using the tcp min-mss command must be less than the maximum MSS value configured using the tcp max-mss command.
If the tcp min-mss command is run more than once in the same view, the latest configuration overrides the previous one.
Configure the parameters under the guidance of the technical personnel.