Subject: Re: TCP_MSS to 1460 in tcp.h or /etc/netstart?
To: Erik E. Fair <fair@clock.org>
From: Ronald Khoo <ronald@demon.net>
List: tech-net
Date: 10/25/1997 08:30:11
> 1. change sys/netinet/tcp.h TCP_MSS to 1460
> 2. add a line to /etc/netstart:
> 	/usr/sbin/sysctl -w 'net.inet.tcp.mssdflt=1460'
> 
> What are the real (not theoretical) downsides of this change?

The real world is stranger than theory :-)

At the customer end, our most common size of circuit is still
only 64k, for which a 576 MTU is still more appropriate if they
intend to do character style telnet stuff, which is admittedly
pretty much museum stuff nowadays :-)  One very common problem
I've seen with servers choosing to shoot 1500 byte packets
around the network is with Path MTU discovery (Solaris servers)
hitting "standard" firewall configurations that block ICMP by default.
Someone behind a 576 byte MTU link can't access that server :-)

This problem doesn't affect your scenario which doesn't involve
Path MTU discovery DF bit for now, right ?  It's just background
chat around the issue :-)

One case I have seen that would be affected was a customer
router that could not accept back to back packets.  Of course
1500 byte packets would be fragmented on his 576 byte link
in back to back packets, so he'd never get any data :-(
This kind of case *would* be affected by your suggestion.

How common is the second case ?   I don't know.  I have only
seen it tracked down once.  However it's easily masked by
the first case, because that was pretty common at one point
because it applied to a very popular server in the UK.

I don't know what became of all that though -- I no longer
have direct dealings with that group.  And I think they now
just treat all these problems first by upping the MTU to 1500,
so we lose the distinction between the two cases.
But I hope this is useful background info nonetheless.

-- 
Ronald Khoo <ronald@demon.net> Voice: +44 181 371 1000 Fax: +44 181 371 1150
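
Added example (not part of the original message): a toy Python model of the two cases described above, a DF-marked 1500-byte packet meeting a 576-byte link when a firewall filters ICMP, and the back-to-back fragments a router emits when DF is clear. The function names, the 20-byte option-free IPv4 header, and the retry count are assumptions made for illustration.

```python
# Toy model of one network path; not a packet-level simulator.
IP_HDR = 20  # assumption: IPv4 header without options


def fragment(total_len, mtu):
    """Split one IPv4 packet of total_len bytes for a link with this MTU.

    Returns the on-wire size of each fragment, header included.
    """
    if total_len <= mtu:
        return [total_len]
    payload = total_len - IP_HDR
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    chunk = (mtu - IP_HDR) // 8 * 8
    sizes = []
    while payload > 0:
        take = min(chunk, payload)
        sizes.append(take + IP_HDR)
        payload -= take
    return sizes


def send(pkt_len, link_mtus, df, firewall_drops_icmp, max_tries=4):
    """Model a server pushing pkt_len-byte packets across the given links.

    Returns (delivered, final_packet_size, tries_used).
    """
    size = pkt_len
    bottleneck = min(link_mtus)
    for attempt in range(1, max_tries + 1):
        if size <= bottleneck:
            return True, size, attempt
        if not df:
            # The router fragments; delivery then depends on the receiver
            # coping with the back-to-back fragments listed by fragment().
            return True, size, attempt
        # DF set: the router drops the packet and answers with ICMP type 3
        # code 4 ("fragmentation needed"), which carries the next-hop MTU.
        if not firewall_drops_icmp:
            size = bottleneck  # sender learns the path MTU and retries
        # Otherwise the ICMP never arrives and the same size is resent.
    return False, size, max_tries


if __name__ == "__main__":
    print(fragment(1500, 576))                    # fragment sizes on the wire
    print(send(1500, [1500, 576], True, True))    # ICMP filtered: black hole
    print(send(1500, [1500, 576], True, False))   # ICMP allowed: PMTUD works
```

The defensive takeaway for the first case is to let ICMP type 3 code 4 through the firewall rather than blocking all ICMP by default.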