R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

IP performance optimization configuration

NOTE:

The firewall supports configuring IP performance optimization only in the command line interface (CLI).

Overview

In some network environments, you can adjust the IP parameters to achieve best network performance.

IP performance optimization configuration includes:

• Configuring the maximum TCP segment size (MSS) for the interface

• Enabling the SYN Cookie feature and protection against Naptha attacks

• Configuring TCP timers

• Configuring the TCP buffer size

• Enabling ICMP error packets sending

Configuring TCP attributes

Configuring TCP MSS for the interface

The Max Segment Size (MSS) option informs the receiver of the largest segment that the sender is willing

to accept. Each end announces the MSS it expects to receive during the TCP connection establishment.

The end that receives the MSS value from the other end then limits the size of each TCP segment to be sent.

If the size of a TCP segment is smaller than the MSS of the other end, the TCP segment is sent to the other

end without being fragmented; otherwise, it will be fragmented according to the MSS before being sent.

If you configure a TCP MSS on an interface, the size of each TCP segment received or sent on the

interface cannot exceed the MSS value.

Follow these steps to configure TCP MSS of the interface:

To do… Use the command…

Remarks

Enter system view system-view —

Enter interface view

interface interface-type

interface-number

—

Configure the TCP MSS of

the interface

tcp mss value

Optional

The TCP MSS is 1460 bytes by default.

NOTE:

This configuration takes effect only on TCP connections that are established after the confi

uration rather

than the TCP connections that already exist.