Network Performance Analysis: TCP MSS

To ensure optimal performance, check your TCP maximum segment size.

Tony Fortunato

November 2, 2016

In my last article, I explained how TCP SYN analysis reveals accurate round-trip times. In this article, I will discuss another TCP analysis option for network analysis and troubleshooting: maximum segment size (MSS), which is advertised as part of the SYN process. You can analyze the MSS value for insight into network performance and see how efficiently data is being transferred.

Before we get into the bits and bytes, please note that I’m using some standard IP and TCP values. Depending on your network architecture and device configurations, your specific values may differ.

In the figure below, you can see that both devices have an MSS of 1,460 bytes, which is the maximum value for most Ethernet topologies. There are specific configurations such as jumbo Ethernet frame support, dialup, PPPoE, and other scenarios that will require you to decrease or increase the maximum transmission unit (MTU).

MSS-1.png

If the MSS value is less than the maximum, it may be due to a smaller IP MTU setting. For example, if the IP MTU is 200 bytes smaller to support VPN traffic, the TCP MSS will also be 200 bytes less. The diagram below illustrates the size dependency between the IPv4 MTU and the TCP MSS.

MSS-2.png

The goal is to determine and validate the IP MTU value or settings when the TCP MSS is less than expected. Validating the MSS can be challenging since you might not have physical access to all the layer 3 (and higher) devices between the two devices.

There are many tips and tricks to perform MTU discovery. For example, you can ping the end device with the “don’t fragment” bit set. This will only work if ICMP is supported by all the intermediate devices. Another trick would be to connect to another device on the same network and compare TCP SYN packets.

So what MSS value do I consider small? My rule of thumb is anything less than 1,000 bytes is worth investigating. Below you can see that the server responds with an MSS of 512, which is much smaller than the 1,460 that we were expecting. This means that you will have to send three 512-byte segments instead of one 1,460-byte segment. It is important to note that the smaller of the two MSS values is used for the conversation.

MSS-3.png

This next example is based on a very interesting problem that I was troubleshooting, in which the sending device set its MSS to 2, which turned out to be a driver bug in a firewall/NAT appliance.

MSS-4.png
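
The checks described above, as an added example that is not part of the original article: it reads the MSS option from a raw IPv4 SYN and SYN-ACK, takes the smaller of the two, derives the IP MTU that value implies, and flags anything under the 1,000-byte rule of thumb. The function names, the constructed sample packets, and the 40-byte overhead (20-byte IPv4 header plus 20-byte TCP header, no options) are assumptions.

```python
import struct

IP_TCP_HEADERS = 40   # assumption: 20-byte IPv4 + 20-byte TCP header, no options
SMALL_MSS = 1000      # the article's rule of thumb for "worth investigating"
DEFAULT_MSS = 536     # RFC 9293 default when a SYN carries no MSS option

def mss_from_syn(pkt: bytes):
    """Return the MSS advertised in a raw IPv4 TCP SYN/SYN-ACK, or None if absent."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(pkt[0] & 0x0F) * 4:]              # skip the IP header (IHL words)
    if len(tcp) < 20 or not tcp[13] & 0x02:
        raise ValueError("MSS is only advertised on SYN and SYN-ACK segments")
    opts, i = tcp[20:(tcp[12] >> 4) * 4], 0      # options end at the data offset
    while i < len(opts) and opts[i] != 0:        # kind 0 = end of option list
        if opts[i] == 1:                         # kind 1 = NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if opts[i] == 2 and opts[i + 1] == 4:    # kind 2 = MSS, 16-bit value
            return struct.unpack_from("!H", opts, i + 2)[0]
        i += opts[i + 1]
    return None

def assess(syn: bytes, syn_ack: bytes) -> dict:
    """Compare both advertisements; the smaller MSS governs the conversation."""
    adv = [DEFAULT_MSS if m is None else m for m in map(mss_from_syn, (syn, syn_ack))]
    mss = min(adv)
    return {"client": adv[0], "server": adv[1], "effective_mss": mss,
            "implied_ip_mtu": mss + IP_TCP_HEADERS,
            "segments_per_1460_bytes": -(-1460 // max(mss, 1)),  # ceiling division
            "investigate": mss < SMALL_MSS}

def build_syn(mss: int, flags: int = 0x02) -> bytes:
    """Constructed sample packet (not a capture): IPv4 + TCP header + MSS option."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 6 << 4, flags, 65535, 0, 0)
    return ip + tcp + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    for server_mss in (1460, 512, 2):            # MSS values discussed in the article
        print(assess(build_syn(1460), build_syn(server_mss, flags=0x12)))
```

To run it against real traffic, pass the IP-layer bytes of each SYN and SYN-ACK (Ethernet header stripped) exported from your capture tool.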

If you need to investigate MTU or MSS issues, it's important to concentrate on the correct devices. For example, it's quite common for VPN clients or PPPoE configurations to reduce the IP MTU. In some cases, you can verify your settings in the registry in Microsoft operating systems. For other operating systems, a simple internet search on how to modify your IP MTU should get you a result.

Network equipment such as routers, firewalls, NAT devices, proxies and load balancers that operate at layer 3 or higher will have various ways to confirm the IP MTU. True layer 2 switches, hubs, taps, modulators or transceivers do not operate at layer 3, so you can skip those. 

For example, the show interface command will display the current MTU of a Cisco router as shown below.

MSS-5.png

Overall, when dealing with network performance issues, it pays off to make sure you are receiving/sending the maximum packet size for your specific configuration.

About the Author

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom-designed training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPedia and has a popular YouTube channel.
