This document describes the concept and configuration of TCP MSS Adjustment. It also discusses the concept of Maximum Transmission Unit (MTU) and how you can prevent packet drops for websites that have larger packet sizes.
Contributed by Richika Jain, Cisco TAC Engineer.
Cisco recommends that you have knowledge of Point-to-Point Protocol over Ethernet (PPPoE).
The information in this document is based on Generic devices.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
The MTU is the maximum length of data that can be transmitted by a protocol in one instance. For example, the MTU size of an Ethernet interface is 1500 bytes by default, which excludes the Ethernet frame header and trailer, which means, that the interface cannot carry any frame larger than 1500 bytes.This diagram visualizes this concept:
If you look inside the frame, you see a 20 byte IP header + 20 byte TCP header, the 1460 byte that remains, is payload that can be transmitted in one frame. This is refferrd as TCP MSS.
If there is no additional encapsulation carried out on a transiting router, the source device might use the maximum payload length of 1460 bytes without any potential risk of packet fragmentation/drop. This is negotiated at the time of the TCP three-way handshake stage between the source and destination host. However, when a router in transit carries out additional encapsulation, it adds an additional label header which eventually increases the size of the frame that exits a transiting router. The maximum MTU of an interface will depend on the hardware platform, but the IEEE 802.3 standards require a minimum MTU of 1500 bytes.
PPPoE needs additional 8 bytes and truncates the Ethernet MTU to 1492, and if the effective MTU on the hosts is not changed, the router in between the host and the server can terminate the TCP sessions. This command IP TCP ADJUST-MSS 1452 is recommended in the PPPoE configurations.
If the source device creates a full size packet with a TCP MSS of 1460 bytes, it is likely that transiting router will drop/fragment the packet. This is bad for our network performance such as issue when you browse websites. So to accommodate websites that have a larger packet sizes, you can shrink the maximum possible TCP MSS size (like 1452 bytes) from the source device. If the router does not signal the source and destination at the time of the TCP handshake, the optimal TCP MSS could potentially create a dropping/fragmentation problem.
The issue might not be present when you browse all the websites but could be seen with some webesites. The reason behind this is that the packet sizes it creates to reach them (which depends on the hardware that is in between). For websites which will create larger packet sizes, if you don’t use ip tcp adjust-mss command then any bigger packet will be dropped.
To troubleshoot the issue that is seen when you browse some websites, command IP TCP ADJUST-MSS 1452 should be configured on the interface that points to the LAN interface.
2. Configure Terminal
3. Interface Type Number
4. Ip tcp adjust-mss max-segment-size // Adjusts the MSS value of TCP SYN packets that goes through a router. The max-segment-size argument is the maximum segment size, in bytes. The range is from 500 to 1460.
5. Ip mtu bytes // Sets the MTU size of IP packets, in bytes, sent on an interface.
Use this section in order to confirm that your configuration works properly.
Verify the configuration of the TCP MSS adjustment.
ip address 10.0.0.1 255.0.0.0 ip tcp adjust-mss 1452
Telnet from router A to router B.
TCP: sending SYN, seq 886170752, ack 0
TCP0: Connection to 18.104.22.168:23, advertising MSS 536
tcp0: O CLOSED 22.214.171.124:23 126.96.36.199:11008 seq 886170752
OPTS 4 SYN WIN 4128
Observe the debug output on router B.
tcp0: I LISTEN 188.8.131.52:11008 184.108.40.206:23 seq 886170752
OPTS 4 SYN WIN 4128
TCP0: state was LISTEN -> SYNRCVD [23 -> 220.127.116.11(11008)]
TCP0: Connection to 18.104.22.168:11008, received MSS 1452, MSS is 1452
The TCP MSS value gets adjusted to the configured value of 1452.
There is currently no specific troubleshooting information available for this configuration.