Got it

What are MTU and MSS

Latest reply: Apr 26, 2019 22:32:43 1046 1 0 0


The Maximum Transmission Unit (known as the MTU) stands for the maximum bytes that the can be transfered by the ethernet frame. The MTU usually equals to the payload of the etnernet frame, its common value being 1500 bytes.

The MTU is related to the link data protocol. Due to electrical limitations of Ethernet transmission, the ethernet frames has a smallest value, 64 bytes and can't exceed 1518 bytes. The frames which have a length shorter than 64 bytes or longer than 1518 bytes will be considered as abnormal frames, and will be discarded by the device.


The network layer protocol is also realted to the MTU. For the upper layer beyond the network layer (for example, the TCP/IP protocol family), they do not care about the size of the data. They will hand it over to the network layer. The IP protocol checks the size of each packet from the upper layer protocol and determines whether to fragment the data according to the MTU of the device. The disadvantage of fragmentation is to reduce the transmission performance.


For the UDP protocol, it is a connectionless-oriented protocol. It does not care much about the order in which packets arrive and whether they arrive correctly. Therefore, UDP applications have no special requirements for fragmentation. However, it is different for the TCP protocol, which is a connection-oriented protocol. TCP is very concerned about the order in which packets arrive and whether errors occur during transmission. Some upper-layer applications require data to be fragmented for some reason, so a tag is added to the IP packet header: DF (Donot Fragment). Thus, when the IP packet is transmitted, if the MTU is less than the IP packet, the device discards the packet and returns an error message to the sender, which often causes some communication problems.


The default MTU value for different data link layer protocols are not the same. For example, for Ethernet, the default MTU is 1500 bytes and 296 bytes for the PPP protocol.




The MSS, or Maximum Segment Size is the largest data segment that a TCP packet can transmit at a time. In order to achieve the best transmission effect, the TCP protocol usually negotiates the MSS values of the two parties when establishing the connection. This value is often replaced by the MTU value when the TCP protocol is implemented. (The size of the IP packet header and the TCP data needs to be subtracted. so the MSS is usually 1460). The two parties will determine the maximum MSS value for this connection based on the minimum MSS value provided by both parties.


The devices at both ends of the TCP connection negotiate the size of the TCP MSS in the three-way handshake. The specific process is as follows:


The A side sends a syn message, where the mss field filled in by the option option is a. Similarly, after receiving the syn message, the B end sends a syn + ack message response, and the mss field filled in the option option is b; the negotiation will compare The size of the mss field in the syn and syn+ack messages, and the smaller mss is chosen as the size of the transmitted tcp fragment. For a network that involves mpls l3VPN, pppoe + nat, ipsec, l2tp, and gre, the packet needs to be fragmented because the packet is too large after being encapsulated multiple times. Generally, the packet can be resolved by setting tcp mss.


Here is an example of tcp mss value negotiation:


Topology: PC------USG------(internet)-------SERVER


1. Assume that the network port of the USG is configured with tcp mss 1200.

When the USG receives the syn+ack packet from the server, it will modify the mss field in the option to 1200, and then forward it to the PC. After receiving the packet, the PC considers that the tcp mss of the peer is 1200, so the PC sends 1200 to the server. As the fragment size; but the USG does not know the operation server that the tcp mss is 1200, so the server will send the message with the fragment size of 1460.


2. Assume that tcp mss 1200 is configured on the USG external network port.

When the USG receives the syn message from the PC, it will modify the mss field in the option to 1200 and then forward it to the server. The same server will send the data to the PC with 1200 as the fragment size. Similarly, the PC does not recognize that the USG changes the tcp mss to 1200, because the PC will also send messages with a slice size of 1460.


3. If you want to implement two-way jumbo packet transmission, you need to modify the tcp mss at the same time in the internal and external network.

In summary, the tcp mss command configured on the USG interface is valid only for the syn message and the syn + ack packet in the outbound direction. It is invalid for the syn and syn + ack packets in the inbound direction.


The difference between MTU & MSS


MTU=MSS+IP header+TCP header+link data layer overhead+encrypted packet header; MTU detects both UDP and TCP packets. When the packet length exceeds the set value, if the DF=0, the segmentation is performed. If DF=1, the packet will be discarded and an ICMP packet with Type3 Code 4 will be returned (ICMP Destination Unreachable-Fragmentation Needed and DF Set), this ICMP reply will contain the link MTU. After receiving the it, the device will adjust the size of the MSS so that it can be transferred without fragmentation. If the devices denies all ICMP messages, MSS adjustments cannot be made.


MSS is actually the TCP message payload size. Generally, when the client and the server establish a TCP connection, the TCP window size MSS needs to be negotiated according to the actually transmitted packet size. After the TCP connection established, the sliding window negotiation will be performed twice, one is between the PC and SERVER, another is between the PC and the gateway, and then selecting a smaller value as the window size to send the messages.

  • x
  • convention:

MVE Created Apr 26, 2019 22:32:43 Helpful(0) Helpful(0)

Thanks for sharing.
View more
  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits


Huawei Enterprise Support Community
Huawei Enterprise Support Community
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.