TCP MSS adjustments

Community Team Member

The Maximum Transmission Unit (MTU) specifies the largest packet that can be transmitted in one frame. The MTU size of an Ethernet interface is 1500 bytes by default. If you take out the 20 bytes for the IP header and the 20 bytes for the TCP header, you are left with 1460 bytes of payload that can be transmitted in one frame. This is what we refer to as the TCP MSS (Maximum Segment Size).

 

The larger the MTU is, the less overhead you have but the more retransmits you'll get in case of a problem. A larger frame also means increased latency due to the time necessary to transmit it. The smaller it is, the more overhead you'll have but the less there is to retransmit if there is a problem. For Ethernet, 1500 was picked as a compromise value.

 

That said, it might be useful to tweak its size to best fit your network.

 

Note that prior to PAN-OS 7.1, the option to adjust TCP MSS was configurable as a simple on/off setting, reducing the MSS value by 40 when enabled.  Starting from PAN-OS 7.1, this option is now configurable for IPv4 and IPv6 independently.

As seen in the illustrations below:

[Illustration: Adjust TCP MSS]
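To make the effect of an MSS adjustment concrete, here is an added example (not PAN-OS code and not from the original article) that lowers the MSS option of a TCP SYN to the MTU minus an adjustment size and fixes the checksum incrementally. It assumes that the adjustment works as "MSS ceiling = MTU minus adjustment size"; the function names, the addresses and the ports in the constructed sample are all hypothetical.

```python
import struct

def checksum(data: bytes) -> int:  # full RFC 1071 Internet checksum (even length)
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp: bytes, mtu: int, adjustment: int) -> bytes:
    """Lower the MSS option of a SYN/SYN-ACK TCP header to mtu - adjustment."""
    ceiling = mtu - adjustment
    hlen = (tcp[12] >> 4) * 4
    if not 20 <= hlen <= len(tcp):
        raise ValueError("bad data offset")
    if not tcp[13] & 0x02:                 # MSS is only sent on SYN segments
        return tcp
    i = 20
    while i < hlen and tcp[i] != 0:        # kind 0 ends the option list
        kind = tcp[i]
        if kind == 1:                      # NOP padding has no length byte
            i += 1
            continue
        if i + 1 >= hlen or tcp[i + 1] < 2 or i + tcp[i + 1] > hlen:
            raise ValueError("malformed TCP option")
        if kind == 2 and tcp[i + 1] == 4:  # MSS option: kind, len, 16-bit value
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= ceiling:
                return tcp                 # already small enough, never raise it
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, ceiling)
            # RFC 1624 incremental update per aligned word (two if value is at an odd offset)
            hc = struct.unpack_from("!H", tcp, 16)[0]
            for off in range((i + 2) & ~1, i + 4, 2):
                s = (~hc & 0xFFFF) + (~struct.unpack_from("!H", tcp, off)[0] & 0xFFFF)
                s += struct.unpack_from("!H", out, off)[0]
                s = (s & 0xFFFF) + (s >> 16)
                hc = ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF
            struct.pack_into("!H", out, 16, hc)
            return bytes(out)
        i += tcp[i + 1]
    return tcp

def sample_syn(mss: int = 1460) -> tuple[bytes, bytes]:
    """Constructed sample: IPv4 pseudo-header and a 28-byte SYN (MSS, NOP, NOP, SACK-permitted)."""
    pseudo = bytes([192, 0, 2, 1, 198, 51, 100, 2, 0, 6, 0, 28])
    hdr = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 7 << 4, 0x02, 64240, 0, 0)
    hdr += struct.pack("!BBH", 2, 4, mss) + bytes([1, 1, 4, 2])
    return pseudo, hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:]
```

With an MTU of 1500 and an adjustment of 40, a SYN advertising 1460 passes through unchanged; a larger adjustment or a smaller MTU rewrites the option, and the checksum still verifies.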

 

 

 

Below are some links offering more information on how to go about implementing this, along with some use-case examples:

 

https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Videos/PAN-OS-7-1-Enhancements-to-TCP-MSS/ta-p/73043

https://live.paloaltonetworks.com/t5/Learning-Articles/TCP-MSS-adjustment-for-IPSec-traffic/ta-p/749...

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Improve-Performance-for-IPSec-Traffi...

 

That's it for me but feel free to leave a comment or ask questions in the comment section below!

 

-Kiwi out!

 
