No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

What Are the Principles to Realize TCP MSS on Mid-Range and Low-End Routers

Publication Date:  2012-07-27  |   Views:  82  |   Downloads:  0  |   Author:  g54917  |   Document ID:  EKB0000358618

Contents

Issue Description

Why is TCP MSS 1200 configured on both the intranet and extranet ports? 
 

Alarm Information

Null

Handling Process

The TCP MSS can be realized in the following ways:
1. Suppose TCP MSS 1200 is configured on the intranet port of the router.
a. The router modifies the MSS value to 1,200 when receiving the Syn+Ack packet from the WWW server and then forwards it to PC1. Upon receipt of the packet, PC1 deems the TCP MSS value of the peer is 1,200. Thus, PC1 takes 1,200 as the size of the fragment when sending data to the WWW server. However, the router’s modifying the TCP MSS value to 1,200 is not known to the WWW server. Therefore, the WWW server still sends the packet with 1,460 as the size of the fragment.
2. Suppose TCP MSS 1200 is configured on the extranet port of the router.
a. The router modifies the MSS value to 1,200 when receiving the SYN packet from PC1 and then forwards it to the WWW server. Similarly, the WWW server takes 1,200 as the size of the fragment when sending data to PC1. However, the router’s modifying the TCP MSS value to 1,200 is not known to PC1. Therefore, PC1 still sends the packet with 1,460 as the size of the fragment.
3. That is why the TCP MSS value must be modified on both the intranet and extranet at the same time during transmission of large packets. 
 

Root Cause

The two ends subject to the TCP connection negotiate for the TCP MSS value during the three-way handshake as follows:
For the SYN packet sent from PC1, the value 1,460 is generally given for the MSS field. Similarly, when receiving the SYN packet, the WWW server sends the Syn+Ack packet as the response. In this case, the value 1,460 is also given for the MSS field. The negotiators compare the MSS values of the SYN packet and Syn+Ack packet and choose the smaller MSS field as the size of the TCP fragment. Through the comparison, it turns out that the TCP MSS values of both negotiators are 1,460.
For the networking involving MPLS L3VPN, PPPoE+NAT, IPSec, L2TP, or GRE, generally, the TCP MSS value is set because the packet is so large that it has to be fragmented. 
 

Suggestions

To sum up, the TCP MSS value configured on the interface of the router is effective only to the outgoing SYN packets and Syn+Ack packets and ineffective to the incoming SYN packets and Syn+Ack packets.