During session connection establishment, two peers, or hosts, engage in negotiations to determine the IP segment size of packets that they will exchange during their communication. The segment size is based on the MSS option (maximum segment size) value set in the TCP SYN (synchronize) packets that the peers exchange during session negotiation. The MSS field value to be used is largely determined by the maximum transmission unit (MTU) of the interfaces that the peers are directly connected to.
You can use the tcp-mss statement to decrease the maximum segment size specified in the TCP SYN packets that traverse the router. Decreasing the maximum segment size protects IP packets against packet fragmentation. It also protects against packet loss that can occur when a packet's segment size is larger than the established MSS value and the DF (don't fragment) bit is set.
The TCP protocol is designed to limit the size of segments of data to a maximum number of bytes. The purpose of this is to constrain the need to fragment segments of data for transmission at the IP level. The TCP MSS specifies the maximum number of bytes that a TCP packet's data field, or segment, can contain. It refers to the maximum amount of TCP data in a single IP datagram that the local system can accept and reassemble.
A TCP packet includes data for headers as well as data contained in the segment. If the MSS value is set too low, the result is inefficient use of bandwidth, because more packets are required to transmit the data. An MSS value that is set too high could result in an IP datagram that is too large to send and that must be fragmented.
Typically a host bases its MSS value on its outgoing interface's maximum transmission unit (MTU) size. The MTU is the maximum frame size along the path between peers. A packet is fragmented when it exceeds the MTU size. Because the MTU size varies across the interfaces of hosts in the path taken by TCP packets between two peers, some packets that are within the negotiated MSS size of the two peers might need to be fragmented but are instead dropped, and an ICMP error message is sent to the source host of the packet.
To diminish the likelihood of fragmentation and to protect against packet loss, you can decrease the TCP MSS size using the tcp-mss statement. When you use the tcp-mss statement to set the TCP MSS size, it applies to TCP SYN packets whose MSS value is higher than that specified by the configuration across all the router's interfaces. You cannot exempt particular ports from its effects. The tcp-mss statement applies to IPv4 TCP traffic only.
For additional information, see the JUNOS System Basics Configuration Guide.
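The adjustment described above, sketched as an added example that is not JUNOS code or part of the original guide: it walks the TCP options of a SYN segment and lowers the MSS option only when the advertised value exceeds the limit. The function names and the sample segment are constructed for illustration, and the TCP checksum update that a device rewriting live traffic needs is left out.

```python
import struct
from typing import Optional, Tuple

TCP_SYN = 0x02
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2   # TCP option kinds

def clamp_syn_mss(segment: bytes, limit: int) -> Tuple[bytes, Optional[int]]:
    """Lower the MSS option to `limit` in a SYN segment that advertises more.

    Returns (segment, advertised MSS or None). The TCP checksum is not
    recomputed here; a device rewriting live traffic must also update it.
    """
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    if not segment[13] & TCP_SYN:
        return segment, None              # only SYN segments carry the MSS option
    seg = bytearray(segment)
    i = 20
    while i < header_len:
        kind = seg[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:               # single-byte padding option
            i += 1
            continue
        if i + 1 >= header_len or seg[i + 1] < 2 or i + seg[i + 1] > header_len:
            raise ValueError("malformed TCP option")
        if kind == OPT_MSS and seg[i + 1] == 4:
            (mss,) = struct.unpack_from("!H", seg, i + 2)
            if mss > limit:               # lower MSS values pass unchanged
                struct.pack_into("!H", seg, i + 2, limit)
            return bytes(seg), mss
        i += seg[i + 1]
    return segment, None

def build_syn(mss: int, flags: int = TCP_SYN) -> bytes:
    """Constructed sample segment: 20-byte header + NOP, window scale, MSS."""
    header = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 7 << 4, flags, 65535, 0, 0)
    return header + bytes([1, 3, 3, 7]) + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    for advertised in (1460, 536):
        out, seen = clamp_syn_mss(build_syn(advertised), 576)
        print(advertised, "->", struct.unpack_from("!H", out, 26)[0])
```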
To configure the Services Router to adjust the MSS value to 576 bytes for TCP SYN packets whose existing MSS value is higher, enter the following statement:
- user@host# set system internet-options tcp-mss 576
To disable the TCP MSS feature, enter the following statement:
- user@host# delete system internet-options tcp-mss
If you are finished configuring the router, commit the configuration by entering the commit command from the configuration prompt.