MTU & MSS

MTUIt is the abbreviation of maximum transmission unit, which is the largest transmission unit.Maximum packet transmitted over the networkIn bytes.

Ethernet imposes a limit on the length of data frames. The maximum value is 1500. This feature is called MTU. Most of different types of networks have an upper limit. If an IP packet is to be transmitted on the IP layer and the data length is greater than the MTU value on the link layer, the packet must be split, in addition, each data packet to be split must be equal to or less than the MTU value. Generally, the last data packet is smaller than this value. For example, if a 5000-byte data packet crosses the network, a 1500-byte MTU Data Link is displayed, that is, a data frame pair can accommodate 1500-byte data packets. Data packets need to be divided into multiple small data packets before the data is converted into frames. After the data packet is split, the marked fields of each data packet are marked with the same tag so that the receiver can identify the parts of the same data packet. If the data packet is not sharded, the packet will be discarded, resulting in packet loss. However, if the MTU value is set too small, so that a packet that is not very large is divided into many slices for transmission, a lot of data packet fragments will be generated, increasing the device burden, reduces network usage.

Ethernetii Frame Structure DMAc + SMAC + Type + Data + CRC. Due to the electrical limitations of Ethernet transmission, each Ethernet frame has a minimum size of 64 bytes, and the maximum size cannot exceed 1518 bytes, for Ethernet frames smaller than or greater than this limit, we can regard them as incorrect data frames. Generally, Ethernet forwarding devices will discard these data frames. Data frames smaller than 64 bytes are generally produced by "fragments" produced by Ethernet conflicts, line interference, or bad Ethernet interfaces. For these "fragments" less than 64 bytes ", the MAC Sub-layer is filled with data fields to ensure that the length of the entire data frame is no less than 64 bytes for transmission.

Why do Ethernet rules stipulate that the data frame length is no less than 64 bytes?

Ethernet is not reliable, which means that the sender does not know whether the Peer of the data sent by the sender has received the data, but if the packet sent by the sender has an error, it will be re-transmitted. When will an error occur? What does an error mean? How does Ethernet detect an error?

Ethernet errors are mainly caused by a collision. A collision means that two machines listen to the network at the same time and send data at the same time. A collision is normal for Ethernet. The well-known CSMA/CD is used to detect conflicts. If a detects that the network is idle, it starts to send data packets and tries its best to transmit them. When the data packet has not reached B, B also detects that the network is idle and starts to send data packets, in this case, a collision occurs. B finds a collision and starts to send a collision signal. The so-called collision signal is a continuous 01010101 or 10101010, And the hexadecimal system is 55 or AA. The collision signal will return to a. If a has not sent the packet when the collision signal reaches a, a will know that the packet has encountered an error and re-transmits the packet. However, if the collision signal returns to a, and the packet has been sent (when the packet is short), a will not re-transmit the packet.

Why is this retransmission mechanism designed for Ethernet. First, Ethernet does not want to adopt a connection mechanism because it will reduce efficiency, but he wants to have a certain retransmission mechanism, because the retransmission of Ethernet is in microseconds, And the retransmission of the transport layer, for example, if TCP retransmission reaches the millisecond level and the application layer retransmission reaches the second level, we can see that the lower the layer retransmission, the faster the speed. Therefore, for Ethernet errors, the Ethernet must have a retransmission mechanism. To ensure the re-transmission of Ethernet, it is necessary to ensure that when a receives the collision signal, the packet is not transmitted completely. To achieve this requirement, the distance between A and B is critical, that isThe back-and-forth time for signal transmission between A and B must be controlled within a certain range.. IEEE defines this standard. In a collision domain, the round-trip time between the farthest two machines must be less than 512bit time. (when the back-to-back time is less than 512 bits, the so-called bit time is the time required to transmit a bit ). This is also the diameter of a collision domain. When there are 512 bits, that is, the transmission time of 64 bytes,If the Ethernet data packet is greater than or equal to 64 bytes, it can ensure that when the collision signal reaches a, the data packet has not been passed.

How is the 512bit time obtained?

First look at a relatively old but popular standard: 10base5, an Ethernet standard, which is used to use a base band local network with a coarse coaxial cable and a speed of 10 Mbps. In a bus network, the maximum transmission distance is 500. The network node is equipped with a transceiver that is inserted into the 15-pin connection unit interface on the NIC and connected to the cable. It also serves as thick Ethernet, thicknet, and thickware. See also coaxial cable, Ethernet, which refers to the 10 Mbit/s baseband Ethernet specification using a standard (coarse) 50Ω baseband coaxial cable. It is part of the IEEE 802.3 baseband physical layer specification. The distance between each network segment is 500 m, the maximum network span is 2500 m, and the maximum number of terminals for each network segment is 100, the distance between each workstation is an integer multiple of 2 to 5 MB. The round-trip time of the collision domain mentioned above was defined according to the 10 m network standard at that time. 10base5 allowed the farthest two workstation to be 2.5 kilometers away from each other, the electronic signal return time of 2.5 km is about us. Based on CSMA/CD, the minimum packet is calculated in 51.2us and 10 Mbps: 51.2us * 10 Mbps = 512 bit = 64 bytes. This is why Ethernet requires a minimum of 64 bytes. One is based on the CSMA/CD requirements, and the other is based on the 10 m network standards at that time.

Ethernet frames cannot exceed 1518 bytes,It is set to 1518, mainly considering the transmission efficiency accuracy rate.. Since the maximum data frame of Ethernet ethernetii is 1518 bytes, remove the frame header of an Ethernet frame (DMAc destination MAC address 48bit = 6 bytes + SMAC source MAC address 48bit = 6 bytes + type domain 2 bytes) 14bytes and frame tail CRC (FCS) the verification part is 4 bytes. Then the rest of the places that carry the upper-layer protocol, that is, the maximum data domain can only have bytes, which we call MTU. This is where the network layer protocol is very concerned, because the network layer protocol, for example, the IP protocol, determines whether to split the data transmitted from the upper layer based on this value. It is like a box that cannot hold a big chunk of bread. We need to cut the bread into slices and put it in multiple boxes.

MTU Value Setting in pppoe Environment

Why is Ping failure when MTU is set to greater than 1492 during pppoe dial-up connection? First, we need to figure out how the MTU contains the values? In the above network environment, the MTU value under the router dial-up interface is set to 1500. When the host is pinged to www.qq.com-l 1470, the packet is captured for viewing. Ping is not allowed. The command Ping www.qq.com-l 1470 in 1470 indicates that the length of the ICMP packet's net load data is 1470 bytes. The captured ICMP messages include: Ethernet header, IP header, ICMP-Internet Control Messages protocol, and FCS-frame check sequence. The length of each item in the table below:

Project	Content	Length (bytes)	Remarks
Packet Length		1516	Total Packet Length
Ethernet header	Destination	6	The destination MAC and source MAC are 48 bits, respectively occupying 6 bytes.
	Source:	6
	Protocol type:	2
IP Header	Header Length:	20	IP Header
ICMP	ICMP Type	8	ICMP Header
	ICMP data area:	1470	ICMP Net Load Length
FCs		4	Frame verification serial number

In this ping packet, the MTU value calculation contains the IP header, ICMP header, and ICMP Net Load Length, that is, 20 + 8 + 1470 = 1498. Generally, 1498 is significantly less than the MTU value of 1500 In the dial-up interface. In this case, no sharding is required. The ICMP packet should be sent normally. But why can't I ping it? That is the case on the Ethernet link. What does MTU contain when I access the Internet through pppoe dial-up? The so-called pppoe is to run the PPP protocol over Ethernet. Isn't the PPP protocol and Ethernet both a link layer protocol? Why does one link layer go to another link layer? Cannot it be upgraded to a network layer protocol. In fact, this is a misunderstanding: a certain layer of Protocol can only carry a higher layer of protocol. The pppoe protocol stack is as follows:

IP

PPP

Pppoe

Ethernet

Why is this strange demand? This is because with broadband access (this type of broadband access is generally cable modem, XDSL, or Ethernet Access) due to the lack of authentication and billing mechanisms for Ethernet, the traditional carrier uses PPP protocol to authenticate and charge for dial-up and other access services, so pppoe emerged.

Let's look at the pppoe data packet format:

Version	Type	Code	Session ID
Length			Net Load

Pppoe is transmitted over Ethernet. The pppoe header consists of 6 bytes and 2 bytes of the Ethernet frame type. This 8-byte pppoe encapsulation field will be added to the datagram when data is sent from the dial-up interface. Therefore, the actual length of the data packet sent from the dial-up interface is 1498 + 8 = 1506 greater than the MTU value 1500 of the physical Ethernet interface F0/1. Therefore, the data packet will be discarded, thus, Ping www.qq.com-l 1470 on the host fails. Pppoe brings both benefits and some disadvantages. For example, the second encapsulation consumes resources and reduces transmission efficiency. The biggest disadvantage is that pppoe reduces MTU and the Ethernet MTU is 1500, the overhead (8 bytes) of the end of the PPP packet header is reduced to 1492. Through the above analysis, in the pppoe environment, the eight-byte pppoe encapsulation field needs to be taken into account when setting the MTU interface. MTU = 1500-8 = 1492. In this way, when IP header (20) + ICMP header (8) + ICMP Net Load Length + pppoe header (8) <= physical interface 1500 (ICMP Net Load <= 1500-28 = 1472), the packet is not discarded because the packet length exceeds the MTU value of the interface, in addition, data packets can be sent to the maximum extent without sharding, improving transmission efficiency.

MTU Fragment

When the length of a data packet is greater than the MTU value on the link layer, the IP layer needs to partition the data packet, in addition, each data packet to be split must be smaller than the MTU value. Next we will analyze how data packets are sliced through packet capture. Ping www.qq.com-l 1600on the PC, and 1600 is the length of ICMP net load data.

Fields related to data packet sharding:

Identifier): The length of this field is 16. It is usually used together with the marking field and the offset field for packet sharding.

Fragmentation flags(Part mark): The length is 3, where 1st bits are not used, and 2nd bits are not sharded (DF). When DF bits are set to 1, it indicates that the router cannot partition data packets (for some upper-layer TCP applications, for some reasons, it is required that data packets of the application cannot be sharded, in this case, set DF to 1 ). If a packet cannot be forwarded because it cannot be sharded, the router discards the packet and sends an error message to the source node. This function can be used to test the MTU value on the network.

The 3rd bits indicate that there are more (MF) bits. When the router fragment the data packet, in addition to setting the MF bits of the last fragment to 0, the MF bits of all other segments are set to 1, so that the recipient will not receive the MF bits of 0.

Is the size of each shard the same after a packet is split? Is the size of the shard random or regular? When data packets are sliced, the maximum length of the bytes under the net load is used to maximize the size of each packet to the upper limit allowed by MTU. This increases the data transmission rate. For example, host a sends four 3000 data packets to host B, each of which is divided into three packet shards, what is the size of the first and third sharding packages? According to the maximum MTU of pppoe is 1492 and the working principle of the multipart mark, the maximum net load of each data packet is 1472 bytes, therefore, a large 3000-byte packet is split into 1472 bytes, 1472 bytes, and 48 bytes of data packets with a net load. Therefore, the four 3000-byte large packets sent by host A to B are split in exactly the same way.

Fragment offset:(Segment offset): the length of a field is 13 BITs. The unit is 8 8 bits. It is used to indicate the offset of the segment start point to the header start point. Because the segment arrival may be in the wrong order, the segment offset field can enable the receiver to reorganize the packet in the correct order.

To sum up, when the host sends a 1600-byte ping packet to the destination server address 222.73.78.203, the ping packet is sent to the host NIC (the MTU value of the host Nic is 1500 by default ), the network adapter splits the packet into two packets. The total length of the first packet is 1500 (1472 + 20 + 8) bytes, and the total length of the second packet is 148 (128 + 20) bytes. The first packet is forwarded to the vro through a vswitch (the MTU of the vswitch interface is 1500, and no sharding is performed). The internal network port F0/0 of the vro does not perform sharding, when the Virtual Interface of the forwarding router is configured with a 1500 fragment packet, it is processed again (because the MTU value of the Virtual Interface is 1492 ), the split packet is added with an 8-byte pppoe header when it is out of the Virtual Interface. Because the split packet length is less than 1500 of the MTU value of the Internet port F0/1, therefore, it is forwarded from the physical port F0/1. The fragmented data packet is not reorganized at the other end of the data link, but remains in the shard State until it reaches the final destination.

TCP-MSSIt is the abbreviation of the Maximum Segment Size of maximum segment, meaningMaximum Segment of data that can be transmitted each time by a TCP packetIs a concept in the TCP protocol, default value is 536.

The MSS value indicates the size of the TCP packet's net load data. The setting of the packet size can achieve the same effect as setting the MTU value. It is to prevent the packet size sent by the host from exceeding the MTU value of the network link from being discarded. However, in practice, the MSS value is often replaced by MTU when implemented in TCP. The implementation principle is: some TCP implementations only send the MSS option when the target host is on a non-direct connection network, the PC will be connected to the destination IP address, negotiate an MSS parameter as a reference for sending data packets by yourself. The MSS parameter indicates the maximum unsharded data packet size on the peer end and only the net load is included.

MSS is the maximum net load data segment that TCP data packets can transmit each time. Tcp mss is defined as the corresponding IP datagram size minus the TCP Header (20) and IP header (20), which is 40, and the default value of the maximum IP datagram size is 576, this causes the default value of tcp mss to be 536 bytes. The maximum length of the IP packet that can be transmitted over the Ethernet link is MTU 1500, which causes the maximum value of MSS to be 1500-20-20 = 1640. In the pppoe dial-up environment, the 8-byte pppoe Encapsulation Header is also required. Therefore, the maximum MSS value of the dial-up interface in pppoe is 1500-20-8 = 1452.

In the TCP Message, the location of the MSS is in the option. There are many options, and MSS is one of them. In TCP packets, MSS is optional and not mandatory. In other words, MSS is negotiable. After negotiation, the content of this option can be changed or unavailable, during MSS negotiation, the two ends of the TCP connection are generally notified when the [SYN] flag message is sent, and then the minimum MSS is selected as the agreement between the two parties, if neither party is notified or the other party is not notified, the default MSS value is 536. I can't help wondering why TCP does not belong to the application layer and MSS is the property Option of TCP. Why is it handled by Ip? This is because generally, the TCP layer cannot make such a decision based on appropriate information, and it is more willing to leave the MTU that determines the Internet path to the IP layer.

When a PC accesses the website server, the MSS value and other parameters are negotiated during the TCP connection phase. Then, the PC uses the default 1460-byte MSS to send TCP connection requests to the website server. Therefore, when using pppoe to access the Internet, the PC and the website server send a data packet through the negotiated 1460 bytes. After the packet is encapsulated with a TCP header and an IP header, it reaches the vro Virtual Interface, the router checks the MTU value of its interface and finds that the packet is greater than the set MTU value of 1492. Then, the packet is split into two data packets for sending. However, the website believes that after the MSS value has been negotiated between us, only the message with the defined length of the MSs will be accepted. Any message with the length greater than or less than the MSs will be invalid and I will discard it, in this case, some applications or websites cannot be opened. After the ip nat mss 1452 command is set on the vro, when the PC sends a TCP connection request to the Website Based on the 1460-byte MSS, The vro receives the request, it is found that when 1460 is set and the packet header is greater than the maximum limit of 1492, the MSS value is reduced by 8, that is, 1452, then, send the modified connection request to the website to be forwarded. In this way, if the website agrees to the connection request forwarded by the router, the TCP connection can be established successfully. In this way, when a PC accesses the website, only a 1492-byte IP packet is sent.

In the overview section of the article, we have already described what is TCP-MSS and what its role is. Now we still use the experiment to capture packets to analyze it.

When a PC accesses www.qq.com, a TCP negotiation is established between the PC and the server, and the PC and the server will notify each other of their own MSS values. Then, the minimum MSS value is selected as agreed by both parties. Through in-depth analysis of the data packets during TCP negotiation, we can draw a conclusion. We will compare the details of the first data packet sent by pC1 to the website and the first data packet returned by the website.