6

Note: I understand both what MTU and MSS do so I am not asking about their function here. I understand that when a TCP connection is being established, the MSS is exchanged and it dictates the maximum size of the segment (without TCP and other headers) that one device can send to another.

I also understand that devices have MTU (which works on both layer 2 and layer 3) but for simplicity, it's the maximum size of the packet (ethernet payload) that can be sent or received over a wire.

My question is, why do we need both? More specifically, why can't we just rely on our MTU to ensure that we're not sending packets that are too large? There's also PMTUD (Path MTU Discovery) which allows the devices to discover whether there are any lowered MTU values along the path.

If there are, the ICMP Fragmentation Needed message is sent by the device and the receiving device sends smaller packets to accomodate for the lower MTU in the path.

So what's the significance of MSS, then? Why can't we use and rely just the MTU? Why do we need both?

Ron Maupin
  • 102,040
  • 26
  • 123
  • 202
Mitrixsen
  • 1,031
  • 8
  • 19

2 Answers2

7
  • The MTU is a local interface property. It is not signaled to communication partners.[*1]
  • TCP exchanges the MSS between communication partners (it's an option but used commonly).

[*1] You might argue that that is PMTUD's job, but PMTUD works through routers, not end nodes. If the end node cannot accept an oversized packet, it cannot read the source and cannot return an ICMP Packet Too Big message. Practically, the router in front of the MTU reduction is the one returning that message.

Then why does the MSS option exist when PMTUD could do it? Well, MSS predates PMTUD by several years and does not rely on ICMP from intermediate hops. Also, a host may have buffering limitations that apply to TCP segments but not to packets, so using MSS is more specific.

Zac67
  • 90,111
  • 4
  • 75
  • 141
3

What a host sees as the MTU may be completely different than what the host on the other end of a connection has for an MTU. When TCP creates a connection, there is the option to send to the other side the MSS in order to make sure anything sent to it does not exceed its MSS. If that option is not used, it means that it will be able to receive segments of any size.

From RFC 9293 Transmission Control Protocol (TCP)

If this option is present, then it communicates the maximum receive segment size at the TCP endpoint that sends this segment. This value is limited by the IP reassembly limit. This field may be sent in the initial connection request (i.e., in segments with the SYN control bit set) and MUST NOT be sent in other segments (MUST-65). If this option is not used, any segment size is allowed. A more complete description of this option is provided in Section 3.7.1.

Also, the MSS can be larger than the MTU, and the MSS is dependent on the size of the IP reassembly buffer. For example, a host sending a packet size 4500 (think token ring or serial) to a host on an ethernet segment with a 1500 octet MTU. The packet will be fragmented, but if the IP reassembly buffer is large enough to reassemble the original 4500 packet, then the ethernet MSS does not need to be smaller than what the sender can send.

With packet fragmentation on the way out (many companies drop packet fragments, and IPv6 does not have in-path fragmentation), you may never see a bigger segment.

Ron Maupin
  • 102,040
  • 26
  • 123
  • 202