
Configuring TCP Attributes

Configuring TCP attributes involves adjusting the TCP timers, the size of the TCP sliding window, and the TCP Maximum Segment Size (MSS).

Context

The TCP attributes are as follows:

  • SYN-WAIT timer

    TCP starts the SYN-WAIT timer before sending SYN packets. If no response packets are received before the SYN-WAIT timer expires, the TCP connection is terminated.

  • FIN-WAIT timer

    The FIN-WAIT timer starts after a TCP connection changes from FIN_WAIT_1 to FIN_WAIT_2. If no FIN packets are received after the FIN-WAIT timer expires, a TCP connection is terminated. If FIN packets are received, the TCP connection changes to the TIME_WAIT state. If non-FIN packets are received, TCP restarts the SYN-WAIT timer upon receiving the last non-FIN packet and terminates the TCP connection after the SYN-WAIT timer expires.

  • TCP sliding window size

    The TCP sliding window size is the size of the buffer for sent and received packets on a TCP socket.

  • MSS

    The MSS of a TCP packet is the maximum length allowed for a TCP packet sent from the peer end to the local end. After a TCP connection is established, both ends notify each other of their MSSs in TCP packets. After recording the peer end's MSS, the local end only sends TCP packets smaller than the MSS. If a TCP packet from the peer end is smaller than the local end's MSS, the packet is not segmented; otherwise, the peer end must send the packet after segmenting it.

Modifying TCP attributes greatly affects packet forwarding. Exercise caution when performing this operation. Unless otherwise specified, use the default values.

Procedure

  1. Access the system view.

    system-view

  2. Set the SYN-WAIT timer for setting up TCP connections.

    tcp timer syn-timeout interval

    The default SYN-WAIT time is 75 seconds.

  3. Set the FIN-WAIT timer for TCP connections.

    tcp timer fin-timeout interval

    The default FIN-WAIT time is 675 seconds.

  4. Set the TCP window size of the TCP socket.

    tcp window window-size

    The default size is 8 KB.

  5. Set MSS parameters.

    The MSS parameters include the MSS value, the minimum MSS value, and the maximum MSS value. When a TCP connection is set up, each end notifies the other of its local MSS value, and the two ends then negotiate the final MSS value based on the MSS values advertised by both ends and the configured minimum and maximum MSS values.

    1. Run the firewall tcp-mss {mss-value | keychain enable} command to configure TCP MSS values.

      The configured MSS of TCP packets takes effect only on subsequent TCP connections, not on established ones.

    2. Run the tcp min-mss min-mss command to configure the minimum MSS value for a TCP connection.
    3. Run the tcp max-mss max-mss command to configure the maximum MSS value for a TCP connection.

    The MSS advertised by the local end is min (interface MTU – 40, MSS configured on the local end). If PPPoE is used for setting up an uplink, the MSS advertised by the local end is min (interface MTU – 48, MSS configured on the local end).

    The negotiated MSS is min (interface MTU – 40, MSS configured on the local end, MSS advertised by the remote end). If PPPoE is used for setting up an uplink, the negotiated MSS is min (interface MTU – 48, MSS configured on the local end, MSS advertised by the remote end).
    • If the negotiated MSS is less than or equal to the configured minimum MSS value, the minimum MSS value takes effect to prevent DDoS attacks caused by overly small MSS values.
    • If the negotiated MSS is greater than or equal to the configured maximum MSS value, the maximum MSS value takes effect. Otherwise, TCP packets may be larger than the MTU and therefore discarded.
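
    The MSS selection described in step 5, as an added example that is not vendor code: it computes the advertised and negotiated MSS from the formulas above, applies the minimum and maximum bounds, and shows how many segments a 64 KiB transfer needs at the result. The function names, the MTU and MSS inputs, and the bounds 216 and 1460 are constructed sample values, not device defaults.

```python
# Added example: MSS selection as described in step 5 (not vendor code).
IP_TCP_HEADERS = 40      # "interface MTU - 40", from the page
PPPOE_HEADERS = 48       # "interface MTU - 48" when the uplink is PPPoE


def advertised_mss(mtu, configured_mss, pppoe=False):
    """MSS the local end advertises: min(MTU - overhead, configured MSS)."""
    overhead = PPPOE_HEADERS if pppoe else IP_TCP_HEADERS
    return min(mtu - overhead, configured_mss)


def effective_mss(mtu, configured_mss, peer_mss, min_mss, max_mss, pppoe=False):
    """Negotiated MSS, then bounded by the configured minimum and maximum."""
    if min_mss > max_mss:
        raise ValueError("min_mss must not exceed max_mss")
    negotiated = min(advertised_mss(mtu, configured_mss, pppoe), peer_mss)
    if negotiated <= min_mss:
        return min_mss          # floor: guards against overly small MSS values
    if negotiated >= max_mss:
        return max_mss          # ceiling: keeps packets within the MTU
    return negotiated


def segments_needed(payload_bytes, mss):
    """Number of TCP segments required to carry payload_bytes at this MSS."""
    return -(-payload_bytes // mss)   # ceiling division


if __name__ == "__main__":
    # Constructed sample values; none are device defaults from the page.
    cases = [
        ("Ethernet, normal peer", dict(mtu=1500, configured_mss=1460, peer_mss=1460)),
        ("PPPoE uplink", dict(mtu=1500, configured_mss=1460, peer_mss=1460, pppoe=True)),
        ("Peer advertises MSS 48", dict(mtu=1500, configured_mss=1460, peer_mss=48)),
    ]
    for label, kw in cases:
        mss = effective_mss(min_mss=216, max_mss=1460, **kw)
        print(f"{label:24} effective MSS {mss:5}  "
              f"segments for 64 KiB: {segments_needed(65536, mss)}")
```

    Without the minimum bound, the third case would run at an MSS of 48 and need 1366 segments for the same 64 KiB, each carrying its own header and per-packet processing cost.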

Copyright © Huawei Technologies Co., Ltd.