MikroTik

Posted: **Fri Jan 15, 2021 6:42 pm**

I'd like to host some files on some of my routers, but I need them to transfer in small packet sizes (for testing purposes). I am starting by attempting to setup communications with limited MTU.

Is it possible to do this on a normally configured and functioning router?

I have tried adding:

/interface bridge add mtu=100 name=bridge-ftp-test
/ip address add address=10.2.2.2 interface=bridge-ftp-test network=10.2.2.2

However, communications still work at a standard 1500 MTU, I think since pinging that IP is all internal to the CPU. I do want all other traffic to work at a standard L3 1500 MTU, but not this particular connection.

I know I can make it work with a separate router and the appropriate MTU configurations for the ports, but I'd like to see if it can be done internally.

Thank you, Chris

Posted: **Fri Jan 15, 2021 8:20 pm**

If files are transferred using TCP, use firewall-mangle rules to clamp MSS to your desired value

Posted: **Sat Jan 16, 2021 5:14 am**

If files are transferred using TCP, use firewall-mangle rules to clamp MSS to your desired value

Although FTP is using TCP for the transfer, I can't seem to get it to work using MSS changes. As a test, I setup 2 routers (one as the FTP server, one fetching a file). Changing the MSS doesn't change anything in this configuration, not on either side of the link. Limiting MTU does work. Testing reveals the smallest L3 MTU I can run is 96 and still get an FTP transfer to start.

Edit: actually, something else is going on. The MSS isn't actually changing using the adjusted suggested code from the wiki:

/ip firewall mangle 
add out-interface=ether5 protocol=tcp tcp-flags=syn action=change-mss new-mss=100 chain=forward tcp-mss=101-65535

It appears, MSS cannot be changed on receipt (cannot be changed on input or prerouting stages) so it cannot be changed on the FTP server itself. Please correct me if I am wrong here.

Further, it appears MSS cannot be changed on a router making the fetch request. It only succeeds if the router is in the middle, somewhere between the fetch and FTP devices. I must be missing something, but I haven't found it yet. Please let me know if you have any specific suggestions.

Posted: **Sat Jan 16, 2021 2:22 pm**

MSS is negotiated / agreed between end devices during the TCP handshake, so you cant change "incoming" from outside MSS values

Possible reason your mangle rule is not working, is you probably have Fasttrack enabled which bypasses Mangle rules, if Fasttrack is required, you can exclude the TCP handshake part from Fasttrack by adding another accept rule before Fasttrack rule

Posted: **Sun Jan 17, 2021 2:01 pm**

Your mangle rule is in chain forward, but a router is hosting the files. So I'd put mangle rule in output.
Also, as you mention ftp: active ftp has data connection which is opened by server, whereas passiv ftp only uses tcp connections opened by client

Posted: **Thu Jan 21, 2021 8:50 pm**

This is a test arrangement now, so there are no firewall rules at all (and no fasttrack).

I got it working changing the chain to output as suggested by 16again:

/ip firewall mangle 
add out-interface=ether5 protocol=tcp tcp-flags=syn action=change-mss new-mss=100 chain=output tcp-mss=101-65535

Further, I need this to be on the client router, as there is no way to change MSS on an incoming packet.

This works well to get high packet rates with low throughput, but it seems to mess with the TCP window sizing function. I have more to test, but this is the closest solution I have found yet.

Thank you, Chris

MikroTik

FTP Server w/ Small MTU

FTP Server w/ Small MTU

Re: FTP Server w/ Small MTU

Re: FTP Server w/ Small MTU

Re: FTP Server w/ Small MTU

Re: FTP Server w/ Small MTU

Re: FTP Server w/ Small MTU