Automatic TCP-MSS Adjustment

Background

During TCP connection setup, the Option of SYN or SYN-ACK packets may carry the MSS field to inform the peer device of the maximum segment size that the local device can receive. After the MSS values are exchanged and compared, the smaller MSS value is selected for forwarding packets to ensure that the network involves no packet fragmentation. If fragmentation does not exist, the larger the MSS value, the greater the amount of data sent per segment, and the higher the network usage. Proper MSS value adjustment can minimize the possibility of fragmentation and promote the transmission of large data packets to improve end-to-end TCP transmission efficiency.

Implementation Mechanism

• If a SYN or SYN-ACK packet does not have an MSS field, the device automatically inserts an appropriate MSS value:

  MSS=MTU-40–APPENDLEN

  MSS indicates the MSS value that is automatically inserted. MTU indicates the maximum transmission unit of the interface. APPENDLEN indicates the packet length added during VPN encryption and encapsulation.

• If a SYN or SYN-ACK packet has an MSS field, the device compares MSS-APPENDLEN with MTU-40-APPENDLEN and changes the overly large MSS value to a smaller value.

  • If MTU-40-APPENDLEN is larger than MSS-APPENDLEN, the original MSS value is reserved and used.
  • If MTU-40-APPENDLEN is smaller than MSS-APPENDLEN, MTU-40-APPENDLEN is used as the new MSS value.

  MSS indicates the MSS value that is automatically inserted. MTU indicates the maximum transmission unit of the interface. APPENDLEN indicates the packet length added during VPN encryption and encapsulation.

Restrictions

• MTU values of interfaces through which the VPN passes must be the same.
• Automatic TCP-MSS adjustment is performed only when the MTU value of the interface ranges from 256 to 9600.
• This function is supported by the IPSec, GRE, and L2TP services but not the L2TP over IPSec or GRE over IPSec service.