The Maximum Transmission Unit (MTU) specifies the largest amount of data that can be transmitted by a protocol in one Transmission Control Protocol (TCP) segment. The MTU size of an Ethernet interface is 1500 bytes by default. If you take out the 20 bytes for the IP header and the 20 bytes for the TCP header, then you are left with the remaining 1460 bytes of the payload that can be transmitted in one frame. This is what we refer to as TCP MSS (Maximum Segment Size). Don't worry, that's the last acronym I'll spell out for you in this blog!
The larger the TCP MSS is, the less overhead you have, but the more that needs to be retransmitted in case of a problem. The larger frame also means increased latency due to the time needed to transmit it. The smaller the TCP MSS is, the more overhead you'll have, but the less there is to retransmit if there is a problem. For the implementation of Ethernet, 1500 was picked as a compromise value.
That said, it might be useful to tweak its size to best fit your network. Most commonly, this is applied to tunneled traffic.
Encapsulation will generally add a certain number of bytes to the original size of the packet, for such things as an MPLS header, an ESP header, or a VLAN tag on tunneled traffic.
One thing to keep in mind is that the header may vary in size.
Note: If the MTU on a device is hard set, it is possible for the tunnel to fail and break any path MTU algorithm, which is why you would implement TCP MSS adjustments.
For example, if the original packet size is 1465 bytes and the ESP header is 36 bytes, the resulting tunneled packet ends up larger than 1500 bytes (MTU), causing slowness and sluggishness between IPSec peers because of packet fragmentation.
Enabling the option "Adjust TCP MSS" to automatically adjust MSS on the interface terminating the tunnel will resolve that issue by adjusting the MTU to compensate for the extra encapsulation.
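The varying header size and the fragmentation case above can be worked through in code. The following Python sketch is an added example, not part of the original post or of any vendor tooling; it goes beyond the post's fixed 36-byte figure by computing ESP tunnel-mode overhead from the RFC 4303 packet layout. The cipher-suite table and function names are constructed for illustration, and it assumes IPv4 without options and no NAT-T UDP encapsulation.

```python
# Added example: ESP tunnel-mode overhead and the TCP MSS that avoids fragmentation.
IP_HDR = 20       # IPv4 header, no options (used for inner and outer header)
TCP_HDR = 20      # TCP header, no options
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)

# Constructed table: suite -> (IV bytes, padding alignment, ICV bytes)
SUITES = {
    "aes-cbc/hmac-sha1-96":    (16, 16, 12),
    "aes-cbc/hmac-sha256-128": (16, 16, 16),
    "aes-gcm-16":              (8, 4, 16),
}

def esp_packet_size(inner_len, suite):
    """On-the-wire size of an inner IPv4 packet after ESP tunnel-mode encapsulation."""
    iv, align, icv = SUITES[suite]
    # Payload + trailer must be padded up to the cipher's alignment boundary.
    pad = -(inner_len + ESP_TRAILER) % align
    return IP_HDR + ESP_HDR + iv + inner_len + pad + ESP_TRAILER + icv

def fragments(inner_len, link_mtu, suite):
    """True if the encapsulated packet exceeds the link MTU."""
    return esp_packet_size(inner_len, suite) > link_mtu

def safe_mss(link_mtu, suite):
    """Largest TCP MSS whose full-size segments still fit in link_mtu after ESP."""
    inner = link_mtu
    while fragments(inner, link_mtu, suite):
        inner -= 1            # size is non-decreasing in inner, so first fit is the max
    return inner - IP_HDR - TCP_HDR

def mss_adjustment(link_mtu, suite):
    """Total bytes to subtract from link_mtu (IP + TCP headers + tunnel overhead)."""
    return link_mtu - safe_mss(link_mtu, suite)

if __name__ == "__main__":
    # The post's 1465-byte packet on a 1500-byte link, per constructed suite.
    for name in SUITES:
        print(f"{name:26} 1465B inner -> {esp_packet_size(1465, name)}B on wire, "
              f"safe MSS {safe_mss(1500, name)}, adjustment {mss_adjustment(1500, name)}")
```

Because padding depends on the cipher's block alignment, the overhead is not a single constant: the same 1500-byte link yields a different safe MSS for each suite.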
If you prefer working with the CLI you can use the following commands to enable/configure this feature:
```
admin> configure
Entering configuration mode
[edit]
admin# set network interface ethernet ethernet1/1 layer3 adjust-tcp-mss enable yes ipv4-mss-adjustment 40
```
For an actual use-case example/KB article, check out TCP MSS adjustment for IPSec traffic.