TCP MSS Adjustments (Updated February, 2023)


 

The Maximum Transmission Unit (MTU) specifies the largest amount of data that can be transmitted by a protocol in one TCP segment. The MTU size of an Ethernet interface is 1500 bytes by default. If you take out the 20 bytes for the IP header and the 20 bytes for the TCP header, then you are left with the remaining 1460 bytes of the payload that can be transmitted in one frame. This is what we refer to as TCP MSS (Maximum Segment Size).
 
The larger it is, the less overhead you have, but the more you will have to retransmit in case of a problem. A larger frame also means increased latency due to the time necessary to transmit it. The smaller it is, the more overhead you'll have, but the less there is to retransmit if there is a problem. For the implementation of Ethernet, 1500 was picked as a compromise value.
 
That said, it might be useful to tweak its size to best fit your network.
 
This option is configurable as seen in the illustrations below:
  

Network > Interfaces

 

 

 


A common use case for this would be tunneled traffic. Tunneled traffic generally adds a certain number of bytes to the original size of the packet because of the ESP header. 
 
Note: depending on the encryption algorithm used, the ESP header may vary in size. 
 
If the MTU on a device is hard set using this info, it is possible for the tunnel to fail and break any path MTU algorithm.
 
Enabling the option "Adjust TCP MSS" and adjusting the MSS on the interface terminating the tunnel will resolve that issue by adjusting the MTU to compensate for the extra encapsulation.
 
If you don't, the resulting tunneled packet might end up larger than 1500 bytes, causing slowness and sluggishness between IPsec peers due to packet fragmentation.
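As an added example (not part of the original post), the Python below works out how much a tunnel-mode ESP wrapper adds for a few common cipher/integrity pairs and the largest MSS that keeps the encrypted packet within a 1500-byte path. It assumes IPv4 with no IP or TCP options; the profile names are labels chosen for this example, and the IV, padding and ICV sizes are the standard ones for those algorithms.

```python
"""Added example: largest TCP MSS that avoids fragmentation over an
IPv4 ESP tunnel-mode SA. Profile names are labels chosen for this example."""

IP_HDR = 20       # IPv4 header without options
TCP_HDR = 20      # TCP header without options
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)
NAT_T_UDP = 8     # UDP encapsulation header when NAT traversal is in use

# profile -> (IV bytes, padding alignment bytes, ICV bytes)
PROFILES = {
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "aes-cbc/hmac-sha256-128": (16, 16, 16),
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-gcm-16": (8, 4, 16),
}

def max_inner_packet(path_mtu, profile, nat_t=False):
    """Largest inner IPv4 packet whose ESP-wrapped form fits in path_mtu."""
    iv, align, icv = PROFILES[profile]
    fixed = IP_HDR + ESP_HDR + iv + icv + (NAT_T_UDP if nat_t else 0)
    # Inner packet + padding + trailer must be a multiple of `align`.
    room = (path_mtu - fixed) // align * align
    return room - ESP_TRAILER

def outer_size(inner_len, profile, nat_t=False):
    """Size on the wire of one inner packet after ESP encapsulation."""
    iv, align, icv = PROFILES[profile]
    padded = -(-(inner_len + ESP_TRAILER) // align) * align  # round up
    return IP_HDR + ESP_HDR + iv + padded + icv + (NAT_T_UDP if nat_t else 0)

def tunnel_mss(path_mtu, profile, nat_t=False):
    """MSS to clamp to so that full-size segments are not fragmented."""
    return max_inner_packet(path_mtu, profile, nat_t) - IP_HDR - TCP_HDR

if __name__ == "__main__":
    for name in PROFILES:
        for nat_t in (False, True):
            mss = tunnel_mss(1500, name, nat_t)
            # What a full 1500-byte inner packet (MSS 1460) grows to.
            full = outer_size(1500, name, nat_t)
            print(f"{name:24} nat_t={nat_t!s:5} mss={mss} "
                  f"unclamped_outer={full}")
```

A full-size 1500-byte inner packet grows to 1560 bytes with AES-CBC and HMAC-SHA1, which is the fragmentation case the post describes; clamping the MSS to the computed value keeps the outer packet at or below 1500.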
 
Below are some links offering extra information:
 

 

Share your experience on where and when you changed the MTU/MSS settings! 

 

Thank you for taking time to read this blog!

 

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all questions, comments and feedback in the comments section below.

 

Kiwi out!

 