Forum Discussion
Jim_Moore
Nimbostratus
NimbostratusProxy MSS
We have a need due to branch router encryption to enable Proxy MSS on our LTM's. When this is enabled my understanding is that client MSS will be passed through so the server sends using client MSS si...
mikand_61525Nimbostratus
NimbostratusAs a followup question to your MSS-question...
F5 market the LTM as a "full-proxy", wouldnt this mean that a F5 virtually never fragment any packets because all flows is proxied through the LTM "full-proxy" engine?
I mean a regular router, lets say Cisco, would (if it have MTU1500 on inside and MTU1200 on outside) fragment packets (if the client send lets say 1500 byte packets without DF bit set) on the outside into 1200 + 300'ish per every 1500 byte packet who arrives on the inside. This also gives that in this case a client who sends 100kpps 1500bytes packets on the inside the router must forward 200kpps 1200+300 byte packets on the outside.
If you use a true proxy the proxy will instead buffer in between so that there are no fragments on the outside. In this case the proxy would send one packet on the outside per every packet that arrives on the inside with an additional extra packet on the outside once the buffer contains a remain that can fit in a full outside packet. If we take the packets per second example a client who sends 100kpps 1500bytes packets on the inside would result in approx 125kpps 1200 bytes packets on the outside if a proxy is being used.