Automatic TCP-MSS Adjustment

Background

During TCP connection setup, the Options field of SYN or SYN-ACK packets may carry the MSS field to inform the peer device of the maximum segment size that the local device can receive. After the MSS values are exchanged and compared, the smaller MSS value is selected for packet forwarding to ensure that packet fragmentation does not occur. Provided that fragmentation does not occur, larger MSS values allow a greater amount of data to be sent per segment and thereby increase network utilization. Proper MSS value adjustment can minimize the possibility of fragmentation and promote the transmission of large data packets to improve end-to-end TCP transmission efficiency.

Implementation Mechanism

• If a SYN or SYN-ACK packet does not have an MSS field, the device automatically inserts an appropriate MSS value:

  MSS=MTU-40–APPENDLEN

  MSS indicates the MSS value that is automatically inserted. MTU indicates the maximum transmission unit of the interface. APPENDLEN indicates the packet length added during VPN encryption and encapsulation.

• If a SYN or SYN-ACK packet has an MSS field, the device compares MSS-APPENDLEN with MTU-40-APPENDLEN and adjusts the MSS value as appropriate.

  • If MTU-40-APPENDLEN is larger than MSS-APPENDLEN, the original MSS value is retained.
  • If MTU-40-APPENDLEN is smaller than MSS-APPENDLEN, MTU-40-APPENDLEN is used as the new MSS value.

  MSS indicates the MSS value that is automatically inserted. MTU indicates the maximum transmission unit of the interface. APPENDLEN indicates the packet length added during VPN encryption and encapsulation.

Restrictions

• The MTU values of the interfaces through which the VPN passes must be the same.
• Automatic TCP-MSS adjustment is performed only when the MTU value of the interface ranges from 256 to 9600.
• This function is supported by the IPSec, GRE, and L2TP services but not by the L2TP over IPSec or GRE over IPSec service.