SD-WAN

If you notice extremely slow or hanging transfers for clients behind a 128T, your issue may really be the MTU or MSS settings. Here's how to check.

Use the ping command through the 128T PCLI or GUI (Troubleshooting->Ping) to send packets of differing size out your WAN connection to see what is the maximum size allowed through. You want to pick a publicly reachable site like 1.1.1.1 or 8.8.8.8 to ensure you are testing further than just your next-hop gateway. You also want to ensure that you instruct the ping command to set the don't fragment flag.

ping count 4 size 1472 timeout 1 set-df-bit egress-interface <WAN interface> router <router name> node <node name> 1.1.1.1

A size of 1472 is the MSS for ICMP equivalent to a 1500 byte Ethernet frame (20b for IP + 8b for ICMP + 1472b for payload = 1500b). When you determine the largest payload size that will get through, you can convert to your MTU and MSS values:

MTU = payload size + 28 bytes

MSS = payload size - 12 bytes

The reason MSS is smaller is because TCP uses a 20 byte header instead of the 8 bytes used by ICMP.

You should configure these values as the mtu and enforced-mss on the network-interface corresponding to your WAN. This will cause the 128T to fragment any frames larger than the value of mtu and to modify the MSS in outgoing TCP SYN packets to use the enforced MSS value (this instructs the far end not to send back anything larger than this size frame). For inbound TCP sessions coming in this interface, it will modify the MSS in the SYN-ACK returned from the 128T.