Resolving IP Fragmentation with WCCP GRE by adjusting the TCP MSS


<< Back to Knowledge Search

Solution

Overview

IP fragmentation is something that should be avoided if possible because it is costly in terms of router and end node processing . In the worst case scenario, the device that is fragmenting and reassembling will become CPU bound and other traffic flows will suffer, performance will diminish and service can be denied.

Cause
Resolution

There are numerous schemes that have been developed to minimize, if not eliminate, IP fragmentation by coercing the various entities on a circuit to agree on a logical transmission unit that will fit into one physical MTU (maximum transmission unit). The method referred to in this solution is the TCP adjust-mss parameter available on many Cisco routers. This is likely to be the most useful way to coerce the network partners to stay within a defined physical MTU. What is being done with this option is to force the TCP Maximum Segment Size (MSS) field, which is effectively the data payload, to fit within the MTU.

The negotiation of MSS is done between the client and server and each side can have a different value.

The negotiation is based on two factors:   1) Receive Buffer size and 2) Maximum Transmission Unit. The lesser value between these two factors is chosen. In default configurations this negotiation does not take into account any intermediate devices that might be adding bytes to create tunnels and such along the way between the client and server.  This calculation also does not take into account any additional bytes in the IP options fields or the TCP options fields (e.g. ADN).  If the Maximum Transmission Unit of Ethernet (1500) is left at its default and it turns out to be the least common denominator along the path, then this allows TCP to negotiate a message size of 1500 –  20 bytes  or 1480 bytes. This simple calculation is the result of removing a standard IP header size (20 bytes) from the maximum Ethernet payload of 1500 bytes.

The use of WCCP with GRE guarantees some ip fragmentation will occur in default Ethernet configurations. This is because GRE adds 24 bytes to a standard Ethernet frame and WCCP adds an additional  4 bytes.  So, if the MSS is negotiated to 1480 and IP adds it’s 20 bytes , then the additional 28 bytes added by GRE and WCCP force IP to fragment the resultant 1528 byte  frame.

The use of the TCP Adjust-MSS command on the Cisco router will modify the maximum segment size field (MSS) for TCP SYN packets traveling through an interface. It is applied at the interface level.  The router compares the MSS value of incoming or outgoing packets against the adjusted MSS setting and replaces with the adjusted value when the presented value is larger. The receiving side will adjust  its TCP send buffer  to the lower value and at the same time to a value that has been manipulated to keep it’s TCP frames within path MTU.  

A caveat to this technique is that it only works for TCP traffic. As a general rule, also, it is best to place the command on the interface(s) that are closest to the SYN packets.

What is the best number to use?

Here is a conservative calculation for Ethernet:

MTU                                      1500

IP Header                               -20

TCP Header                           -20

GRE/WCCP                           - 28

TCP OPTIONS                       - 12

ip  tcp adjust-mss       =   1420

Workaround
Additional Information
Bug Number
InQuira Doc IdKB3790
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG 200, ProxySG 210, ProxySG 510, ProxySG 810, ProxySG 8100, ProxySG 9000
Topic      Networking, Performance
Article Number      000013205
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat