TCP/IP and data cut

Question

I would like to clarify my understand about TCP/IP model and packet cutting. I think it's done by layer 3 (Transport, eg. TCP) but I'm note sure about layer 2 (Network, eg. IP) or even layer 1 (Network interface, eg. Ethernet) ?

From layer 4 to layer 1, we have : Data (layer 4) such as a mail, becoming multiples TCP segments or UDP datagrams (layer 3), and then packets (layer 2) and finally frames (layer 1) ?

I understand that layer 2 has a "physical limit" named MTU (Maximum Transmission Unit) which is around or equal to 1500 bytes for Ethernet. I think MTU concerns the layer number 2 ? PMTUD (Path MTU Discovery) is supposed to help knowning the smallest MTU on the path, and so the highest MTU that can be used ? How is it possible if paquets can travel with differents (and unpredicables?) paths from sender host to receiver host, especially with internet network ?

MSS (Maximum Segment Size) seems to limit the size at the layer 3. And MSS is calculated using the MTU value and a rule that is MSS = MTU - (TCP header + IP header) or, if IPSec is used, MSS = MTU - (TCP header + IP header + IPsec).

I suppose that layer 3 always cuts Data into TCP segmets or UDP datagrams by using and applying the MSS limit size, so the layer 2 receive items with a size already good, and there is no need to cut the segments or datagrams received from layer 3 to obtain packets with a correct size regarding the size limit (MTU) ? No need to cut for layer 2 ?

Similarly, layer 1 does'nt need to cut paquets received from layer 2 to produce network frame ? Frame size limit is 1500 bytes for payload, so again no need to cut ?

I suppose things may become complex during the long (bust fast!) travel from sender to receiver on internet network ?

Can you correct anything that is wrong or incomplete?

Answer 1

I would like to clarify my understand about TCP/IP model and packet cutting. I think it's done by layer 3 (Transport, eg. TCP) but I'm note sure about layer 2 (Network, eg. IP) or even layer 1 (Network interface, eg. Ethernet) ?

From layer 4 to layer 1, we have : Data (layer 4) such as a mail, becoming multiples TCP segments or UDP datagrams (layer 3), and then packets (layer 2) and finally frames (layer 1) ?

First, it is not called packet cutting. It is called fragmentation.

Second, you are missing a layer. Transport is layer 4. Internetwork is layer 3. Data link is layer 2, and Physical is layer 1. Anything above layer 4 can be considered application.

How is it possible if paquets can travel with differents (and unpredicables?) paths from sender host to receiver host, especially with internet network ?

If the MTU decreases, the sender will get an ICMP error and will start a new MTU discovery.

I suppose that layer 3 always cuts Data into TCP segmets or UDP datagrams by using and applying the MSS limit size,

Not layer 3. Layer 4, Transport

Similarly, layer 1 does'nt need to cut paquets received from layer 2 to produce network frame ? Frame size limit is 1500 bytes for payload, so again no need to cut ?

Layer 1 has no concept of frames. It's just bits, so there's no limit.

This question and answer may help you.

Answer 2

"Packet cutting" can happen at two different places:

• TCP will perform "segmentation": they will slice the data to be sent (stream of data) in packets. By default it is based on the MTU of the first link on the path to the destination, but path MTU discovery can be performed to find the smallest MTU on the full path, and use that for segmentation.

• IP will perform "fragmentation": it will slice packets which are too large for the next link to the destination, or refuse to do so and send back an ICMP message if the DF bit ("Don't Fragment") is set. If the packet is fragmented, the fragments will need to be reassembled at the destination before they can be passed to upper layers.

The most common MTU is 1500 bytes (coming from Ethernet), but it may vary a bit depending on the various technologies, especially when encapsulation/tunnelling happens.

If Path MTU discovery is used, the source will send the packets to the destination with the DF bit set. If any link on the path can't accommodate the packet size, the corresponding router will send back an ICMP message to the source telling it the MTU to use, and this will repeat until the packet reaches its destination.

If Path MTU discovery is not used, the source will send packets which may be too big, and which will need to be fragmented and reassembled. For a number of reasons this is a lot less efficient and is to be avoided if at all possible.

Path MTU discovery requires (at least some) ICMP messages to be able to reach the endpoints, which is why networks which filter ICMP messages a bit too happily will get spurious problems when traffic to some destinations go via links with smaller MTUs.

Answer 3

An IPv4 layer-3 packet that is too large may be fragmented by a router, as long as the DF (Do Not Fragment) bit is not set. Many sites now drop fragments to prevents some attack types, so fragmenting is on the way out. IPv6 simply does not allow in-path fragmentation, and it requires PMTUD. Any packet dropped as too large is supposed to have a return ICMP error message about that. IP (layer-3) knows nothing about MSS.

UDP does no segmentation; that is up to the application. TCP segments a stream of data. The MSS is received from the other side, but only during the handshake, indicating the largest segment that the receiver can handle. That may actually be larger than the largest MTU in the path, or even larger than the sender can handle. That is why we have PMTUD. TCP segmentation happens at layer-4, and it should not be confused with IPv4 fragmentation at layer-3.

IP encapsulates the TCP segments or UDP datagrams into layer-3 packets that are further encapsulated into layer-2 frames. Most layer-2 protocols will simply drop frames with packets larger than the MTU of the protocol, and there is no notice given, e.g. a standard ethernet switch will silently drop a frame containing a packet too large for the MTU as damaged or giant.

It is possible the IP may pre-fragment layer-4 segments or datagrams it receives from TCP or UDP. IPv6 can do that because it uses PMTUD to learn the largest MTU allowed in the path. If the path changes and the MTU shrinks, IPv6 will get an ICMP error about that (that is how PMTUD works). IPv6 has a minimum path MTU of 1280, and it will not work with any path that has a smaller MTU.

Layer-1 simply takes the frame and puts the bits of the layer-2 frame on the wire, using the encoding for the particular connection protocol. Generally, layer-1 will send more layer-1 bits than there are layer-2 frame bits due to the encoding method to correct for timing slips.

Not all datagrams, segment, packets, or frames will be the largest possible size. Many things, such as VoIP or control traffic, actually use very small datagrams.

Answer 4

From what I can make out from your question:

• In the TCP/IP model, numbering layers isn't usual and may confuse people. Numbered layers are commonly used with the OSI model (L1-L7).
• "Packet cutting" isn't a thing.
• TCP is a protocol in the transport layer. It segments its arbitrary-length payload data stream for transport with IP.
• Application data is transported by the application layer on top of the transport layer
• The link layer has a maximum frame size that defines its maximum payload (link layer SDU) size. That's the same as the network layer's MTU is derived from (MTU=maximum frame size minus link layer overhead). For IP over Ethernet, that MTU is 1500 bytes.
• PMTUD discovers the MTU for a used path - if the path changes, the PMTU may need to be adapted.
• Not all transport layer protocols segment data, UDP doesn't. It's the application's responsibility to packetize its data.
• On the link layer, frames encapsulate packetized data passed from the next upper layer (often IP). If the data doesn't fit into a frame an error is returned.