Hi,

I know this has been discussed several times in the forums, but I am still unclear and would appreciate some clarification. I currently have several RB450G's running 5.2 that are acting as PPPoE Servers in the field. We are noticing that occasionally, we will have a user that complains that he is not able to access certain sites, or the sites load very slowly. It appears we have a MTU issue. Only maybe 2 out of 50 users on any given RB450G are experiencing this problem.

After reading the FAQ and the forums, it appears there are a few solutions. One is to set the "Change MSS" option on the PPPoE profile. This isn't the best solution though, since it creates dynamic MSS mangle rules for every PPPoE session which can be taxing on the RB's CPU with so many PPPoE users. Another, is to create one static mangle firewall rule as the FAQ states:

Use /ip firewall mangle to change MSS (maximum segment size) 40 bytes less than your connection MTU. For example, if you have encrypted PPPoE link with MTU=1492, set the mangle rule as follows:

/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss tcp-mss=!0-1448 new-mss=1448

I added this rule to my RB, but the user is still experiencing issues. At the user end of the client connection, my CPE (Motorola Canopy SM) is connected directly to the end user's computer. The SM is performing NAT. The SM and the PPPoE server are reporting a MTU of 1480. This should leave 12bytes of overhead for PPPoE which should be plenty (only need 8bytes).

The FAQ states that you should create the MSS rule to be 40 bytes less than your MTU. It then says that if you have a PPPoE link with a MTU of 1492, to change the MSS to 1448. That is 44bytes, not 40bytes as the instructions state. Am I missing something?

Could the MTU settings on the client's PC be causing this problem? How can I go about further troubleshooting this issue?

Thanks!

Ethernet header can be bigger than 40 bytes. MSS is changed by 44 bytes just to be sure.

So, since the PPPoE server and CPE are actually reporting a MTU of 1480, should I change the MSS to 1480 - 44 = 1436?

Yes.

Thanks, I'll try this. Should the "Change TCP MSS" in the PPPoE profile be set to "default" or "no"?

I appreciate the help.

If you are adding manually change MSS rule, then set change-mss to no

Thanks, this appears to have fixed the problem.

Hello, I appreciate it, I can help, I have pppoe on my network server and dhcp server, in the configuration I have MTU in 1480, and change the MSS 1400, 1410 and in every case I have problems with hotmail and yahoo page. That way I can find the correct value of the setting of the MSS.
Thank you.

<ADSL MODEM>====< RB750G>===<NETWORK SWITCH>====<USER COMPUTERS>

Hi, I have recently bolted in a 750G(ROS v5.6) into my works local internet in order to keep a closer eye on users and there data usage.
The ADSL modem runs PPPoE and I use IP to link the modem and 750G rather than using the 750G as a PPPoE client.

I set the750G up with a masquerade srcnat firewall rule. This configuration seemed to be working well, up until users tried to get to get to there Hotmail accounts. I tested hotmail with a PC directly connected to the adsl modem, and I have no issues there, yet if I'm on the network switch side of the network Hotmail hangs with no page shown(other web sites seem to work great). This seems to fit in with this thread.

The posts I have read so far seem to suggest that the router in other peoples examples is using PPPoE Client mode, and in my case I am not doing that.

What is do people recommend I try on the 750G up first to try an sort this issue out. The ADSL modem is a Billion 7800nl(and there is no MTU/MSS menu !!Evil Billion!!) The ADSL Internet connection is via PPPoE..