Table Of Contents
TCP MSS Adjustment
The TCP MSS Adjustment feature enables the configuration of the maximum segment size (MSS) for transient packets that traverse a router, specifically TCP segments in the SYN bit set, when Point to Point Protocol over Ethernet (PPPoE) is being used in the network. PPPoE truncates the Ethernet maximum transmission unit (MTU) 1492, and if the effective MTU on the hosts (PCs) is not changed, the router in between the host and the server can terminate the TCP sessions. The ip tcp adjust-mss command specifies the MSS value on the intermediate router of the SYN packets to avoid truncation.
History for the TCP MSS Adjustment Feature
This feature was introduced.
The command that was introduced by this feature was changed from ip adjust-mss to ip tcp adjust-mss.
This feature was integrated into Cisco IOS Release 12.2(27)SBA.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
How to Configure the TCP MSS Adjustment
This section contains the following procedure:
•Setting the MTU on the Local Hosts (required)
•Verifying TCP MSS Adjustments (optional)
Setting the MTU on the Local Hosts
Perform this task to set the MTU on the local hosts. NAT does not have to be configured to specify the MTU.
2. configure terminal
3. interface type number
4. ip tcp adjust-mss max-segment-size
5. ip mtu bytes
Verifying TCP MSS Adjustments
In the following examples, there are outputs that assist in verifying the TCP MSS adjustments.
Command Configured on Single Interface
Step 1 Configure the interface adjustment value.interface ethernet1/1ip tcp adjust 500
Step 2 Telnet from router A to router C, with B having the MSS adjustment configured.telnet00:09:15:%SYS-5-CONFIG_I: Configured from console by consolenet 126.96.36.199Trying 188.8.131.52... Open
Step 3 Observe the debug output from router C.*Mar 10 14:49:45.045: tcp0: I LISTEN 184.108.40.206:11001 220.127.116.11:23 seq 2012812244OPTS 4 SYN WIN 4128*Mar 10 14:49:45.045: TCP0: state was LISTEN -> SYNRCVD [23 -> 18.104.22.168(11001)]*Mar 10 14:49:45.045: TCP0: Connection to 22.214.171.124:11001, received MSS 500,MSS is 500*Mar 10 14:49:45.045: TCP: sending SYN, seq 1091096877, ack 2012812245
The MSS gets adjusted to 500 as configured.
Command Configured on Two Interfaces
Step 1 Configure the command on both the interfaces using different values.interface Ethernet1/1ip address 126.96.36.199 255.0.0.0ip tcp adjust-mss 505duplex halfinterface Ethernet1/3ip address 188.8.131.52 255.255.255.0ip tcp adjust-mss 500duplex half
Step 2 Telnet from router A to router C,telnet 10.0.1.3Trying 10.0.1.3... Open
Step 3 Observe the debug output from router A.06:06:49: TCP: sending SYN, seq 979045471, ack 006:06:49: TCP0: Connection to 184.108.40.206:23, advertising MSS 536
Step 4 Observe the debug output from router C.I LISTEN 220.127.116.11:11003 18.104.22.168:23 seq 979045471OPTS 4 SYN WIN 4128TCP0: state was LISTEN -> SYNRCVD [23 -> 22.214.171.124(11003)]TCP0: Connection to 126.96.36.199:11003, received MSS 500, MSS is 500
The TCP MSS is successfully adjusted to 500.
Command Used with Process Switching
Step 1 Verify the configuration of the TCP MSS adjustment.Router# show running-config interface ethernet1/1Building configuration...Current configuration: 95 bytes!interface ethernet1/1ip address 10.0.0.2 255.0.0.0ip tcp adjust-mss 505duplex half
Step 2 Telnet from router A to router C.telnet 10.0.1.3Trying 10.0.1.3...TCP: sending SYN, seq 886170752, ack 0TCP0: Connection to 188.8.131.52:23, advertising MSS 536tcp0: O CLOSED 184.108.40.206:23 220.127.116.11:11008 seq 886170752OPTS 4 SYN WIN 4128
Step 3 Observe the debug output on router C.tcp0: I LISTEN 18.104.22.168:11008 22.214.171.124:23 seq 886170752OPTS 4 SYN WIN 4128TCP0: state was LISTEN -> SYNRCVD [23 -> 126.96.36.199(11008)]TCP0: Connection to 188.8.131.52:11008, received MSS 505, MSS is 505
The TCP MSS value gets adjusted to the configured value of 505.
Configuration Examples for TCP MSS Adjustment
This section provides the following examples:
TCP MSS Adjustment Configuration: Example
The following example shows how to configure one interface with CEF switching turned on:interface ethernet1/1ip tcp adjust 500
The following example shows how to configure two interfaces:interface Ethernet1/1ip address 10.0.0.2 255.0.0.0ip tcp adjust-mss 505duplex halfinterface Ethernet1/3ip address 10.0.1.1 255.255.255.0ip tcp adjust-mss 500duplex half
The following sections provide references related to TCP MSS Adjustment feature.
Related Topic Document Title
WAN commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples
Cisco IOS Wide-Area Networking Command Reference, Release 12.3
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
This section documents one new command.
ip tcp adjust-mss
To adjust the maximum segment size (MSS) value of TCP SYN packets going through a router, use the ip tcp adjust-mss command in interface configuration mode. To return the MSS value to the default setting, use the no form of this command.
ip tcp adjust-mss max-segment-size
no ip tcp adjust-mss max-segment-size
If the ip tcp adjust-mss command is not configured, the MSS is determined by the originating host.
This command was introduced.
This command was changed from ip adjust-mss to ip tcp adjust-mss.
This command was integrated into Cisco IOS Release 12.2(27)SBA.
When a host (usually a PC) initiates a TCP session with a server, it negotiates the IP segment size by using the MSS option field in the TCP SYN packet. The value of the MSS field is determined by the maximum transmission unit (MTU) configuration on the host. The default MSS value for a PC is 1500 bytes.
The PPP over Ethernet (PPPoE) standard supports a MTU of only 1492 bytes. The disparity between the host and PPPoE MTU size can cause the router in between the host and the server to drop 1500-byte packets and terminate TCP sessions over the PPPoE network. Even if the path MTU (which detects the correct MTU across the path) is enabled on the host, sessions may be dropped because system administrators sometimes disable the ICMP error messages that must be relayed from the host in order for path MTU to work.
The ip tcp adjust-mss command helps prevent TCP sessions from being dropped by adjusting the MSS value of the TCP SYN packets.
The ip tcp adjust-mss command is effective only for TCP connections passing through the router.
In most cases, the optimum value for the max-segment-size argument is 1452 bytes. This value plus the 20-byte IP header, the 20-byte TCP header, and the 8-byte PPPoE header add up to a 1500-byte packet that matches the MTU size for the Ethernet link.
If you are configuring the ip mtu command on the same interface as the ip tcp adjust-mss command, it is recommended that you use the following commands and values:
•ip tcp adjust-mss 1452
•ip mtu 1492
The ip tcp adjust-mss command does not work on subinterfaces or GRE tunnels.
The following example shows the configuration of a PPPoE client with the MSS value set to 1452:vpdn enableno vpdn logging!vpdn-group 1request-dialinprotocol pppoe!interface Ethernet0ip address 192.168.100.1.255.255.255.0ip tcp adjust-mss 1452ip nat inside!interface ATM0no ip addressno atm ilmi-keepalivepvc 8/35pppoe client dial-pool-number 1!dsl equipment-type CPEdsl operating-mode GSHDSL symmetric annex Bdsl linerate AUTO!interface Dialer1ip address negotiatedip mtu 1492ip nat outsideencapsulation pppdialer pool 1dialer-group 1ppp authentication pap callinppp pap sent-username sohodyn password 7 141B1309000528!ip nat inside source list 101 Dialer1 overloadip route 0.0.0.0.0.0.0.0 Dialer1access-list permit ip 192.168.100.0.0.0.0.255 any