All about IP MTU and IP TCP MSS

 Today I am going to talk about IP MTU and IP TCP MSS. I will discuss a little introduction on both of these and then I will use both together for a single tunnel. This article is basically to show you guys how they are tie together with each other.

Fig 1.1- IP MTU and TCP MSS

Let's talk about both one by one followed by configuration.

About IP MTU

  1. Sets the maximum transmission unit (MTU) size of IP packets that are sent on an interface. If the df-bit [don't fragment] is set, then the packets exceeding the MTU size would be dropped
  2. IP MTU operates at Layer 3
  3. To set ip mtu, use the "ip mtu" command in interface configuration mode as shown below. The following example shows how to set the maximum IP packet size on a serial interface to 300 bytes:
    NDNA(config)# interface serial 0
    NDNA(config-if)# ip mtu 300
  4. If an IP packet exceeds the MTU size that is set for the interface, the Cisco software fragments the IP packet. 
Note that changing the MTU value (by using the mtu interface configuration command) can affect the IP MTU value. 

If the current IP MTU value is the same as the MTU value and you change the MTU value, then the IP MTU value is modified automatically to match the new MTU value. However, the reverse is not true; changing the IP MTU value has no effect on the MTU value. 

  1. Adjusts the maximum segment size (MSS) value of TCP synchronize/start (SYN) packets that go through a router
  2. When a host (usually a PC) initiates a TCP session with a server, the host negotiates the IP segment size by using the MSS option field in the TCP SYN packet. The value of the MSS field is determined by the maximum transmission unit (MTU) configuration on the host. The default MSS size is 1460 bytes, when the default MTU of the containing IP datagram is 1500 bytes.
  3. The "ip tcp adjust-mss" command helps prevent TCP sessions from being dropped by adjusting the MSS value of the TCP SYN packets
  4. The "ip tcp adjust-mss" command is effective only for TCP connections that pass through the router. The following example shows how to set ip tcp mss on an interface
    NDNA(config)#interface ethernet0/1
    NDNA(config)#ip tcp mss 1460
  5. TCP MSS operates at Layer 4. It is 40 bytes lower than the IP MTU as it does not take headers into consideration (20 byte IP header and 20 byte TCP header).
  6. When applied to a router's interface, the router will monitor this interface's incoming and outgoing traffic, looking for SYN packets (which is where hosts define their MSS). 
When it sees a SYN packet, it will automatically change the MSS field to the size that you specified using the command above. When the receiving host receives the SYN packet, it will see the new MSS that was set by the router, and will reply with an MSS equal to or less than the one specified by the initiating host.

How these IP MTU and IP TCP MSS tie together?
Let us look at an example where an interface is configured with both ip mtu and ip tcp mss statements.
     NDNA(config)#int tunnel 1
     NDNA(config-if)#ip mtu 1400
     NDNA(config-if)#ip tcp mss 1360
In the above example, the ip mtu is set to 1400 which means any packet size greater than 1400 bytes will be fragmented. This is where tcp mss config come into play because it is set to 40 bytes lower than the "ip mtu", it will modify the MSS field in the packet before transmitting out.
Also note setting the IP MTU and the MSS does not guarantee that packets won't be fragmented or dropped on their way to their destination. This is because each router the packet passes on its way to the destination will be configured differently, and may have different MTU sizes on their interfaces.