Maximum Segment Size

Question

I've got an HTTP Virtual Server fronting a web server, which fronts a back-end application server. Clients connecting to the HTTP virtual server advertise a MSS of 1380. The LTM advertises a MSS of 1460 back to the client. The Proxy Maximum Segment Size option in the tcp profile is disabled, and the entire tcp profile settings are below. The same TCP profile is used on both the internal and external side of the LTM. 
&nbsp;  
&nbsp; As the webserver pumps data from the app server back to the client, the MSS between the LTM and the webserver (the internal side) is 1460 bytes so the TCP window is full. However when the LTM passes this traffic back to the client (the external side), it splits the data into two segments - one full 1380 byte segment, followed by an 80 byte segment. This continues throughout the entire download. 
&nbsp;  
&nbsp; My understanding of the Proxy MSS option is that if enabled, it will simply push the MSS value back to the webserver. At that point, I suspect the webserver will simply split the segments just like the LTM does - one full-size, and one smaller. Since I also suspect the LTM is more efficient at handling reassembly of TCP segments, I would like for the LTM to continue performing this operation. 
&nbsp;  
&nbsp; Is there a way to configure the LTM to receive full 1460 byte segments on the internal interface, and send full 1380 byte segments to the client on the external interface - instead of splitting them into two separate segments? 
&nbsp;  
&nbsp; profile tcp tcp { 
&nbsp;    reset on timeout enable 
&nbsp;    time wait recycle enable 
&nbsp;    delayed acks enable 
&nbsp;    proxy mss disable 
&nbsp;    proxy options disable 
&nbsp;    deferred accept disable 
&nbsp;    selective acks enable 
&nbsp;    ecn disable 
&nbsp;    limited transmit enable 
&nbsp;    rfc1323 enable 
&nbsp;    slow start enable 
&nbsp;    bandwidth delay enable 
&nbsp;    nagle disable 
&nbsp;    ack on push disable 
&nbsp;    md5 sign disable 
&nbsp;    md5 sign passphrase none 
&nbsp;    proxy buffer low 98304 
&nbsp;    proxy buffer high 131072 
&nbsp;    idle timeout 7200 
&nbsp;    time wait 2000 
&nbsp;    fin wait 5 
&nbsp;    close wait 5 
&nbsp;    send buffer 65535 
&nbsp;    recv window 65535 
&nbsp;    keep alive interval 1800 
&nbsp;    max retrans syn 4 
&nbsp;    max retrans 8 
&nbsp;    ip tos 0 
&nbsp;    link qos 0 
&nbsp; } 
&nbsp;

dennypayne · Answer

Enabling Nagle's algorithm should do this: Nagle's attempts to limit the number of small segments on a network by buffering data until it receives the previous ACK. 
&nbsp;  
&nbsp; That being said, I have also seen Nagle's add noticeable latency to an application precisely because it is delaying sending data.  According to the Wikipedia article on Nagle's (Click here) it sometimes interacts badly with Delayed ACKs.  I have not tried disabling those with Nagle's enabled though. 
&nbsp;  
&nbsp; Also, I would create a new profile and leave the built-in tcp one at the default settings. 
&nbsp;  
&nbsp; Denny

smp_86112 · Answer

Yeah, I specifically disabled Nagle because of it's interaction with Delayed Acks. And I have also seen latency improvements. But since it's not possible to disabled Delayed Acks on all the client platforms since we don't have any control over those, disabling Nagle was the only place to mitigate that problem.

smp_86112 · Answer

I tinkered around a bit with the profile options. I found that by enabling "Proxy Maximum Segment Size" on the external side of the connection, the packets sent from the LTM to the client were full - 1380 bytes. This is with Nagle's algorithm disabled, and was my desired effect.  
&nbsp;    
&nbsp;  I took tcpdumps on both sides of the LTM. The Proxy MMS setting resulted in the LTM informing the webserver that the MSS was 1380 - matching the client. But to my surprise, the webserver seems to be sending full-sized 1380 byte segments, instead of splitting them into one full and one small segment like the LTM does.  
&nbsp;    
&nbsp;  Not sure I understand why, but this setting seems to have done the trick.

Forum Discussion

Maximum Segment Size

3 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Network segmentation in an AWS VPC

BIGIP VE maximum connections capability

F5 BIG-IP Sizing Requirement

source address persistence maximum session timeout

sizing the F5 appliance