Introduction
The TCP Maximum Segment Size (MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. The MSS value is sent as a TCP header option only in TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. To help avoid IP fragmentation at the endpoints of the TCP connection, the selection of the MSS value was changed to the minimum buffer size and the MTU of the outgoing interface. MSS is based on default header sizes; the sender stack must subtract the appropriate values for the IP header and the TCP header depending on what TCP or IP options are being used. Incorrect MSS sizes can result in IP fragmentation.
IP Fragmentation
The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram. IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields, along with the "more fragments" and "don't fragment" flags in the IP header, are used for IP fragmentation and reassembly.
Configuring MSS
The maximum segment size (MSS) is the largest amount of TCP data that the ACE accepts in one segment. To prevent the transmission of many smaller segments that waste bandwidth or very large segments that may require fragmentation, you can set the minimum and maximum acceptable sizes of the MSS. To set the MSS, use the set tcp mss command in parameter map connection configuration mode. The syntax of this command is as follows:
set tcp mss min number1 max number2
The options and arguments are as follows:
min number1—Specifies the smallest segment size that the ACE will accept. Enter an integer from 0 to 65535 bytes. The default is 536 bytes.
max number2—Specifies the largest segment size that the ACE will accept. Enter an integer from 0 to 65535 bytes. The default is 1380 bytes.
Both the host and the server can set the MSS when they first establish a connection. If either maximum exceeds the value that you set with the set tcp mss max command, the ACE overrides the maximum value and inserts the value that you set. If either maximum is less than the value that you set with the set tcp mss min command, the ACE overrides the maximum and inserts the minimum value that you set.
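The override behaviour described above, modelled as an added Python example (not Cisco's code and not part of the original page). The function names, the constructed SYN segment and the omission of the TCP checksum update are assumptions made for illustration; the defaults 536 and 1380 come from the text.

```python
import struct

MSS_MIN_DEFAULT = 536    # default for "set tcp mss min" per the text above
MSS_MAX_DEFAULT = 1380   # default for "set tcp mss max" per the text above

def build_syn(mss, flags=0x02):
    """Constructed sample: 20-byte TCP header plus one MSS option (kind 2, len 4)."""
    header = struct.pack("!HHIIBBHHH", 21910, 2000, 0, 0, 0x60, flags, 65535, 0, 0)
    return header + struct.pack("!BBH", 2, 4, mss)

def find_mss_option(segment):
    """Return (offset, mss) of the MSS option, or None if the header has none."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    i = 20
    while i < header_len:
        kind = segment[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        if kind == 2 and length == 4:
            return i, struct.unpack_from("!H", segment, i + 2)[0]
        i += length
    return None

def clamp_mss(segment, mss_min=MSS_MIN_DEFAULT, mss_max=MSS_MAX_DEFAULT):
    """Return (segment, mss) with the advertised MSS forced into [mss_min, mss_max].

    Simplification: the TCP checksum is not recomputed after the rewrite.
    """
    found = find_mss_option(segment)
    if found is None or not segment[13] & 0x02:   # MSS is only sent in SYNs
        return segment, None
    offset, mss = found
    clamped = min(max(mss, mss_min), mss_max)
    out = bytearray(segment)
    struct.pack_into("!H", out, offset + 2, clamped)
    return bytes(out), clamped
```

With the defaults, an advertised MSS of 1460 is rewritten to 1380 and an advertised MSS of 256 is raised to 536; values already inside the range pass through unchanged.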
You can configure the ACE behavior for a segment that exceeds the configured maximum segment size (MSS) by using the exceed-mss command in connection parameter map configuration mode. The syntax of this command is as follows:
exceed-mss {allow | drop}
Verifying MSS
For a particular connection, you can use the following command:
show np X me-stats "-c <conn-id> -vvv"
where the NP number and connection details can be obtained from the "show connection" output.
ACE30-1/Admin# sh np 1 me-stats "-c 633710 -vvv"
Connection ID:seq: 633710[0x9ab6e].2
Other ConnID : 643599[0x9d20f].2
Proxy ConnID : 0[0x0].0
Next Q : 0[0x0]
20.20.20.1:21910 -> 20.20.20.2:2000 [RX-NextHop: TX] [TX-NextHop: CP]
Flags: PAT: No DynNAT: No Implicit PAT: No On_Reuse: No
L3 Protocol : IPv4 L4 Protocol : 6
Inbound Flag : 1
Interface Match : Yes
Interface MatchID: 8
EncapsID:ver : 1:0 TCP ACK delta : 0x0
MSS : 1460 TOS Stamp : 224
Repeat mode : No Punt Flag : No