The impact of MTU and MSS settings on the network environment

Source: Internet
Author: User

MTU: Maximum Transmission Unit

MSS: Maximum Segment Size

PPPoE: PPP over Ethernet (carrying the PPP protocol over Ethernet)

[Analysis process]
Let's start with the MTU, the maximum transmission unit, which is closely tied to the link-layer protocol. Look at the structure of an Ethernet II frame: DMAC + SMAC + Type + Data + CRC.
Because of the electrical characteristics of Ethernet transmission, each Ethernet frame must be at least 64 bytes and at most 1518 bytes. Frames smaller or larger than these limits are treated as errored frames, and Ethernet forwarding devices generally discard them.
(Note: frames smaller than 64 bytes are generally "fragments" (runts) produced by Ethernet collisions, line interference or a faulty Ethernet interface; frames larger than 1518 bytes are called giant frames and are generally caused by line interference or a faulty Ethernet port.)

Since the largest Ethernet II frame is 1518 bytes, strip the 14-byte frame header (DMAC destination MAC address, 48 bits = 6 bytes; SMAC source MAC address, 48 bits = 6 bytes; Type field, 2 bytes) and the 4-byte CRC at the end of the frame (also called the FCS), and what remains for carrying the upper-layer protocol, the maximum data field, is 1500 bytes. This is the MTU. The network layer cares a great deal about it, because a network-layer protocol such as IP uses this value to decide whether the data handed down from the upper layer must be split. It is like a box that cannot hold a whole loaf of bread: we have to cut the loaf into slices and put them in several boxes.

When two remote PCs communicate, their data passes through many routers and a variety of network media before reaching the far end, and the MTU differs from medium to medium. Think of it as a long pipeline assembled from pipes of different diameters (different MTUs): the maximum flow through the pipeline is determined by the narrowest pipe in the middle.

The protocols above the network layer (taking the TCP/IP family as the example) do not care how wide the pipe is; they leave that to the network layer. The network-layer IP protocol checks the size of every packet coming from the upper-layer protocol and decides, based on the MTU of the local machine, whether to fragment it. The biggest drawback of fragmentation is reduced transmission performance: what could be done in one operation is split into several. So the layer above the network layer (the transport layer) pays attention to this, and for some reason certain upper-layer protocols demand that their bread not be sliced: "I want the whole loaf", which they express by setting the DF (Don't Fragment) flag in the IP header. When such an IP packet crosses a large network (travels down the pipe) and meets a link whose MTU is smaller than the packet, the forwarding device discards the packet as instructed and returns an error message to the sender. This often causes communication problems, but fortunately most network links have an MTU of 1500 or more.

UDP is a connectionless protocol that does not care much about the order in which packets arrive or whether they arrive correctly, so UDP applications generally have no special requirements regarding fragmentation.

TCP is different: it is connection-oriented and cares a great deal about the arrival order of packets and about errors during transmission, so some TCP applications have a requirement regarding fragmentation: they must not be fragmented (DF set).

So much for the story of the MTU. Today's second pig is PPPoE, which, as the name says, runs the PPP protocol over Ethernet. Some people wonder: PPP and Ethernet are both link-layer protocols, so why does one link layer run on top of another? Shouldn't it be promoted to a network-layer protocol? In fact this is a misconception, the idea that a protocol at one layer can only carry a protocol of a higher layer.

Why this strange demand? With broadband access (generally cable modem, xDSL or Ethernet access), Ethernet lacks authentication and accounting mechanisms, while operators traditionally used PPP to authenticate and bill dial-up and similar access services. The result is this oddity: PPPoE. (For details on PPPoE, see the introductory articles provided by Party v and other members of this site; I will not repeat them here.)

PPPoE brings benefits but also some disadvantages, such as the resources consumed by the second encapsulation and reduced transmission efficiency. I will not go into those; the biggest disadvantage is that PPPoE makes the MTU smaller: the Ethernet MTU is 1500, and subtracting the 8-byte overhead of the PPP packet header leaves 1492.

If PPPoE is used on a segment somewhere between two hosts, applications whose packets cannot be fragmented cannot communicate.

In that case we need to lower the MTU of the host so that the two sides can communicate smoothly.

Of course, for TCP applications there are other solutions.
That leaves today's third pig: MSS.
MSS stands for Maximum Segment Size and is a TCP concept.
The MSS is the largest data segment a TCP packet can carry at one time. For the best transmission performance, TCP normally negotiates the MSS of both parties when the connection is established. TCP implementations usually derive this value from the MTU (subtracting the 20-byte IP header and the 20-byte TCP header), so the MSS is usually 1460. The two parties then settle the maximum MSS for the connection from the MSS values each of them offered.

Having introduced these three pigs,
let's return to the question in the preface. If we adjust the maximum MSS of every TCP connection on the intermediate router so that the MSS used on the PPPoE link plus the packet headers never exceeds the PPPoE MTU of 1492, communication will not fail. The problem above can therefore be solved with ip tcp adjust-mss 1452.
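As an added example that is not part of the original article, the following Python models what a router does for ip tcp adjust-mss: it derives the clamp value from the PPPoE MTU (1492 minus the 20-byte IP and 20-byte TCP headers gives 1452), builds a constructed IPv4/TCP SYN carrying an MSS option, lowers that option when it exceeds the configured limit, and recomputes the TCP checksum so the rewritten segment remains valid. The addresses, ports and option layout are constructed sample values, and build_syn, clamp_mss and the other names are mine, not a Cisco or Linux API.

```python
import socket
import struct

IP_HDR = 20   # IPv4 header without options
TCP_HDR = 20  # TCP header without options


def mss_for_mtu(mtu, ip_hdr=IP_HDR, tcp_hdr=TCP_HDR):
    """Largest TCP payload that fits one unfragmented datagram on a link with this MTU."""
    return mtu - ip_hdr - tcp_hdr


def ones_complement_sum(data):
    """RFC 1071 Internet checksum over 16-bit big-endian words (odd tail padded with zero)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(packet, tcp_len):
    """IPv4 pseudo-header covered by the TCP checksum: src, dst, zero, proto 6, TCP length."""
    return bytes(packet[12:20]) + struct.pack("!BBH", 0, 6, tcp_len)


def build_syn(src_ip, dst_ip, sport, dport, mss, flags=0x02):
    """Construct an IPv4 packet (constructed sample, DF set) carrying a TCP header with an
    MSS option (kind 2, length 4), two NOPs and SACK-permitted.  flags 0x02 = SYN, 0x10 = ACK."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    data_off = (TCP_HDR + len(opts)) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x10000000, 0, data_off << 4,
                      flags, 65535, 0, 0) + opts
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    cs = ones_complement_sum(_pseudo_header(ip, len(tcp)) + tcp)
    tcp = tcp[:16] + struct.pack("!H", cs) + tcp[18:]
    return ip + tcp


def _mss_offset(tcp):
    """Byte offset (within the TCP header) of the 16-bit MSS value, or None if absent.
    Walks the option list by declared lengths and stops on a malformed length."""
    end = (tcp[12] >> 4) * 4
    i = TCP_HDR
    while i < end:
        kind = tcp[i]
        if kind == 0:                # End of Option List
            break
        if kind == 1:                # NOP, single byte
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2:
            break                    # truncated or bogus length: do not loop forever
        length = tcp[i + 1]
        if kind == 2 and length == 4:
            return i + 2
        i += length
    return None


def parse_mss(packet):
    """Advertised MSS of the TCP segment inside an IPv4 packet, or None."""
    tcp = packet[(packet[0] & 0x0F) * 4:]
    off = _mss_offset(tcp)
    return None if off is None else struct.unpack("!H", tcp[off:off + 2])[0]


def tcp_checksum_ok(packet):
    """True when the checksum verifies: the sum over pseudo-header + segment folds to zero."""
    tcp = packet[(packet[0] & 0x0F) * 4:]
    return ones_complement_sum(_pseudo_header(packet, len(tcp)) + tcp) == 0


def clamp_mss(packet, max_mss):
    """Model of ip tcp adjust-mss: on TCP segments with SYN set, lower an MSS option that
    exceeds max_mss and repair the TCP checksum.  Returns (packet, old_mss, new_mss)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6:                       # not TCP: forward untouched
        return packet, None, None
    tcp = bytearray(packet[ihl:])
    if not tcp[13] & 0x02:                   # not SYN / SYN+ACK: forward untouched
        return packet, None, None
    off = _mss_offset(tcp)
    if off is None:
        return packet, None, None
    old = struct.unpack("!H", tcp[off:off + 2])[0]
    if old <= max_mss:
        return packet, old, old
    tcp[off:off + 2] = struct.pack("!H", max_mss)
    tcp[16:18] = b"\x00\x00"                 # zero the checksum before recomputing it
    tcp[16:18] = struct.pack("!H", ones_complement_sum(
        _pseudo_header(packet, len(tcp)) + bytes(tcp)))
    return packet[:ihl] + bytes(tcp), old, max_mss


if __name__ == "__main__":
    limit = mss_for_mtu(1492)                # 1452, the value in ip tcp adjust-mss 1452
    syn = build_syn("192.168.0.1", "238.135.1.1", 40000, 80, mss_for_mtu(1500))
    fixed, old, new = clamp_mss(syn, limit)
    print("MSS", old, "->", new, "checksum ok:", tcp_checksum_ok(fixed))
```

The rewrite touches only segments with SYN set, so established-connection traffic passes unchanged, and it fixes the checksum after the edit; a device that rewrote the option without doing so would produce segments the receiver discards, which looks like a connection that never completes its handshake.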

Of course, the problem can also be solved by changing the MTU on the PC.

[Postscript]
Cisco TCP adjust-mss feature:

The TCP MSS adjustment feature enables the configuration of the maximum segment size (MSS) for transient packets that traverse a router, specifically TCP segments with the SYN bit set, when Point-to-Point Protocol over Ethernet (PPPoE) is being used in the network. PPPoE truncates the Ethernet maximum transmission unit (MTU) to 1492, and if the effective MTU on the hosts (PCs) is not changed, the router between the host and the server can terminate the TCP sessions. The ip tcp adjust-mss command specifies the MSS value on the intermediate router of the SYN packets to avoid truncation.

I. Principles of TCP MSS
PC1 (192.168.0.1)-router--Internet--WWW server (238.135.1.1)
When the two ends of a TCP connection perform the three-way handshake, the TCP MSS is negotiated as follows:
PC1 sends a SYN packet whose MSS option is generally filled with 1460. Likewise, when the WWW server receives the SYN, it replies with a SYN+ACK whose MSS option is also 1460. Each side compares the MSS fields in the SYN and the SYN+ACK and selects the smaller one as the size of the TCP segments it sends. After the comparison the TCP MSS on both sides is 1460.
On networks involving MPLS L3VPN, PPPoE + NAT, IPsec, L2TP or GRE, packets that are too large usually have to be fragmented; this can be addressed by setting the TCP MSS.
The following example shows how TCP MSS adjustment works.
Assume tcp mss 1200 is configured on the inside (LAN) interface of the router.
When the router receives the SYN+ACK from the WWW server, it changes the MSS field in the option to 1200 and forwards it to PC1. PC1 then believes the peer's TCP MSS is 1200, so once negotiation is complete PC1 sends data to the WWW server using 1200 as the segment size. The WWW server, however, does not know that the router changed the MSS to 1200, so it still sends packets with 1460 as the segment size.

Assume tcp mss 1200 is configured on the outside (WAN) interface of the router.
When the router receives the SYN from PC1, it changes the MSS field in the option to 1200 and forwards it to the WWW server. The WWW server then uses 1200 as the segment size when sending to PC1; but PC1 does not know that the router changed the MSS, so it still sends packets with 1460 as the segment size.
Therefore, for large packets to flow in both directions, TCP MSS has to be adjusted on both the inside and the outside interfaces.
To sum up, the tcp mss command configured on a router interface only takes effect on SYN and SYN+ACK packets in that interface's outbound direction, and has no effect on SYN and SYN+ACK packets in its inbound direction.
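The one-sided result in the two cases above, as an added example that is not from the original article: a small Python model of a router that rewrites the MSS option only on SYN/SYN+ACK segments leaving the interface on which the command is configured, and of what each end then uses as its segment size. negotiate_mss and oversized_directions are names I chose; the 1460, 1200 and 1492 values are the ones used in the text.

```python
def negotiate_mss(client_mss, server_mss, clamp_inside=None, clamp_outside=None):
    """Model of the directional behaviour described in the text.

    clamp_inside : tcp mss value on the inside (LAN) interface; applied to the server's
                   SYN+ACK as it leaves that interface towards PC1 (None = not configured)
    clamp_outside: tcp mss value on the outside (WAN) interface; applied to PC1's SYN
                   as it leaves that interface towards the server
    Returns (segment size PC1 uses, segment size the server uses)."""
    # PC1's SYN crosses the router towards the WAN
    syn_mss = client_mss if clamp_outside is None else min(client_mss, clamp_outside)
    # the server's SYN+ACK crosses the router towards the LAN
    synack_mss = server_mss if clamp_inside is None else min(server_mss, clamp_inside)
    # Each end sends segments no larger than the smaller of its own MSS and the value it
    # saw from the peer; it never learns what the router changed in the other direction.
    client_sends = min(client_mss, synack_mss)
    server_sends = min(server_mss, syn_mss)
    return client_sends, server_sends


def oversized_directions(link_mtu, client_mss=1460, server_mss=1460, **clamps):
    """Which direction still produces datagrams larger than link_mtu after clamping
    (and so would need fragmentation or, with DF set, be dropped on that link)."""
    c, s = negotiate_mss(client_mss, server_mss, **clamps)
    limit = link_mtu - 40                    # 20-byte IPv4 header + 20-byte TCP header
    return {"pc1_to_server": c > limit, "server_to_pc1": s > limit}


if __name__ == "__main__":
    for clamps in ({}, {"clamp_inside": 1200}, {"clamp_outside": 1200},
                   {"clamp_inside": 1200, "clamp_outside": 1200}):
        print(clamps or "no clamp", "->", negotiate_mss(1460, 1460, **clamps),
              oversized_directions(1492, **clamps))
```

With the clamp on only one interface, the table printed by the block shows exactly the asymmetry the text describes: one end shrinks its segments to 1200 while the other keeps sending 1460-byte segments, which on a 1492-byte PPPoE link is still one direction too large.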

II. Relationship between TCP MSS and large-packet communication

When users access the Internet through a router, they often report that web pages (or some web pages) cannot be opened and that Outlook cannot send or receive mail (these applications run over TCP or UDP), yet ping works fine, and a configuration check shows no error. In most such cases the device is performing NAT and the packets are being fragmented.
An IP packet carries a five-tuple (source and destination IP address, source and destination port number, and protocol number), but when an IP packet is fragmented only the first fragment carries that full five-tuple; the later fragments do not carry the TCP/UDP identification fields such as the port numbers. If the device performs NAT on such fragments, and the application is based on TCP/UDP, the fragments cannot be translated and reassembled correctly, and the problem above appears.
Many parameters are negotiated when a TCP/IP connection is set up. Among them, the TCP MSS parameter negotiates the TCP packet size: if the negotiated TCP MSS is smaller than the device's MTU, the TCP packets are not fragmented on the device; otherwise they are fragmented and the phenomenon above occurs. To avoid it, make sure the negotiated TCP MSS is smaller than the device's MTU. For this reason the Quidway router has a command to set the TCP MSS value. When it is configured, the router rewrites the TCP MSS value in the negotiation message according to the configured value when a TCP/IP connection is established (the peer may also negotiate this value). When it is not configured, the router does not modify the value in the packet (the value in the negotiation packet sent by the peer is sometimes large, for example 8000). Since the default or configured MTU is usually about 1500, the MSS set on the device should be less than 1500, for example 1400 or 1024.
If the TCP MSS is set too small, the much larger number of packets reduces efficiency. In particular, there is no need to limit the TCP packet size when no NAT is configured. Because applications vary, setting a default TCP MSS is not especially appropriate (the device would modify the TCP MSS of every connection it sets up), so it is better to handle it per application. Cisco devices also provide this configuration command.
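An added example (not from the original article) that ties together two points on this page: the DF decision described in the analysis section, and why NAT breaks on fragmented TCP/UDP traffic. It is a Python model of an IPv4 router's forwarding decision for one datagram on one link; forward_datagram and nat_visible_fragments are my names, and the sizes are constructed sample values.

```python
IPV4_HDR = 20  # IPv4 header without options


def forward_datagram(total_len, link_mtu, df, ip_hdr=IPV4_HDR):
    """What a router does with an IPv4 datagram of total_len bytes on a link with link_mtu.
    Returns a dict with 'action' in {'forward', 'drop', 'fragment'} and the resulting pieces."""
    whole = {"offset": 0, "len": total_len, "more": False, "has_l4_header": True}
    if total_len <= link_mtu:
        return {"action": "forward", "fragments": [whole]}
    if df:
        # DF set and the datagram does not fit: discard it and send ICMP Destination
        # Unreachable / Fragmentation Needed (type 3, code 4) carrying the next-hop MTU.
        return {"action": "drop", "icmp": (3, 4), "next_hop_mtu": link_mtu, "fragments": []}
    payload = total_len - ip_hdr
    per_frag = (link_mtu - ip_hdr) // 8 * 8    # fragment offsets are counted in 8-byte units
    frags, offset = [], 0
    while offset < payload:
        chunk = min(per_frag, payload - offset)
        frags.append({"offset": offset,
                      "len": ip_hdr + chunk,
                      "more": offset + chunk < payload,      # MF flag
                      # only the first fragment carries the TCP/UDP header, i.e. the ports
                      "has_l4_header": offset == 0})
        offset += chunk
    return {"action": "fragment", "fragments": frags}


def nat_visible_fragments(result):
    """Fragments whose port numbers a NAT device can read without reassembling the datagram."""
    return [f for f in result["fragments"] if f["has_l4_header"]]


if __name__ == "__main__":
    # a 1500-byte datagram (1460-byte TCP segment) meeting a 1492-byte PPPoE link
    for df in (False, True):
        r = forward_datagram(1500, 1492, df)
        print("DF" if df else "no DF", r["action"],
              [(f["offset"], f["len"], f["more"]) for f in r["fragments"]],
              "fragments NAT can match:", len(nat_visible_fragments(r)))
    # with the MSS clamped to 1452 the same segment fits and is forwarded whole
    print(forward_datagram(1452 + 40, 1492, True)["action"])
```

The model makes the trade-off on this page concrete: without DF the 1500-byte datagram becomes two fragments, and only the first one carries port numbers for NAT to match; with DF it is dropped and an ICMP error goes back; with the MSS lowered to 1452 the datagram is 1492 bytes and is forwarded untouched.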


Generally, the Ethernet MTU is 1500, so on Ethernet the TCP MSS is usually 1460.

The TCP MSS negotiation proceeds as follows:
The TCP client sends a SYN packet in which the MSS option is generally filled with (MTU - IP header size - TCP header size). When the TCP server receives the SYN it replies with a SYN+ACK whose MSS option is likewise (MTU - IP header size - TCP header size). Both sides compare the MSS fields in the SYN and the SYN+ACK and select the smaller one as the size of the TCP segments they send.

On networks involving PPPoE + NAT, IPsec, L2TP or GRE, the packets are usually too large and have to be fragmented, which lowers the transmission rate. Choosing an appropriate MSS is therefore important for data transmission. On Linux the TCP MSS can be set through netfilter/iptables.

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

This rule rewrites the TCP MSS of SYN packets to fit the PMTU (path MTU).

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128

This rule sets the MSS to 128.
