Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1236
Views
20
Helpful
4
Replies

TCP MSS Question

Go to solution
ChristopherCraddock66504
Level 1
Level 1

‎04-07-2022 01:42 PM - edited ‎04-07-2022 01:55 PM

Dear Community,

 

I have some questions about the TCP MSS process, its kind of confusing. 

 

-If an originating host sends a TCP SYN with an MSS of 1460, but the client responds with a SYN/ACK with an MSS of 1436, will both hosts use 1436 in both directions? or will the originating host use 1436 while the client uses 1460?

 

-If an originating host send a TCP/SYN with an MSS of 1436, but the responding client responds with a SYN/ACK of 1460, will the originating host use 1460 for its packets but the responding client use 1436 for its packets?

 

I guess what I am asking is: Is the MSS value in the SYN and SYN/ACK packets honored by the opposite end all the time if the values differ?

 

Thank you. 

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎04-07-2022 03:12 PM - edited ‎04-07-2022 03:14 PM

Hi @ChristopherCraddock66504 ,

 

> -If an originating host sends a TCP SYN with an MSS of 1460, but the client responds with a SYN/ACK with an MSS of 1436, will

> both hosts use 1436 in both directions? or will the originating host use 1436 while the client uses 1460?

 

Both hosts will use the lower value (1436).

 

> -If an originating host send a TCP/SYN with an MSS of 1436, but the responding client responds with a SYN/ACK of 1460, will

> the originating host use 1460 for its packets but the responding client use 1436 for its packets?

 

If the initiating host sends 1436, the receiving host will not send 1460, but rather 1436.

 

I guess what I am asking is: Is the MSS value in the SYN and SYN/ACK packets honored by the opposite end all the time if the

> values differ?

 

MSS will be the same on both sides and it will be the lowest value.

 

Regards,

 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

4 Replies 4

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎04-07-2022 03:12 PM - edited ‎04-07-2022 03:14 PM

Hi @ChristopherCraddock66504 ,

 

> -If an originating host sends a TCP SYN with an MSS of 1460, but the client responds with a SYN/ACK with an MSS of 1436, will

> both hosts use 1436 in both directions? or will the originating host use 1436 while the client uses 1460?

 

Both hosts will use the lower value (1436).

 

> -If an originating host send a TCP/SYN with an MSS of 1436, but the responding client responds with a SYN/ACK of 1460, will

> the originating host use 1460 for its packets but the responding client use 1436 for its packets?

 

If the initiating host sends 1436, the receiving host will not send 1460, but rather 1436.

 

I guess what I am asking is: Is the MSS value in the SYN and SYN/ACK packets honored by the opposite end all the time if the

> values differ?

 

MSS will be the same on both sides and it will be the lowest value.

 

Regards,

 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Harold Ritter

‎04-07-2022 03:38 PM - last edited on ‎04-11-2022 09:06 AM by Community Manager

As @Harold Ritter (correctly) notes, both ends use the smallest value being used on either end.

Also wanted to add (although not asked), the

TCP adjust-mss #

if supported by platform, need only be defined once, on any interface, which TCP session startup will transit (as this command "spoofs" the exchange to using value in the command).

Further, end-host and/or TCP adjust-mss using a smaller MSS do not guarantee there cannot be any fragmentation, but often it will avoid it, in cases such a media supporting "standard" Ethernet frames and something like a GRE tunnel being used (I assume as your OP mentions a MSS of 1436, and as GRE has 24 bytes of overhead, you might be looking into that too).

Go to solution
ChristopherCraddock66504
Level 1
Level 1

‎04-08-2022 05:36 AM - last edited on ‎04-11-2022 08:55 AM by Community Manager

Harold and Jospeh,

 

Thanks so much for the replies! Indeed, I am asking this because of GRE. More specifically, because we are looking to use Cloudflare Magic Transit and I was not quite understanding their requirement to implement the

ip tcp adjust-mss

feature on our outbound internet interface. But you have cleared up my confusion! 

 

Thanks again!

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to ChristopherCraddock66504

‎04-08-2022 08:13 AM - last edited on ‎04-11-2022 08:54 AM by Community Manager

If you're going to use a GRE tunnel, you'll only need to apply the

ip tcp adjust-mss

command there, however there are other commands, dealing with IP MTU and MTU discovery that are worth applying to the physical interface.  See Resolve IPv4 Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPsec for more information.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card