MSS in TCP

The maximum size of the packets that TCP sends can have a major impact on bandwidth, because it is more efficient to send the largest possible packet size on the network.

TCP controls this maximum size, known as Maximum Segment Size (MSS), for each TCP connection. For direct-attached networks, TCP computes the MSS by using the MTU size of the network interface and then subtracting the protocol headers to come up with the size of data in the TCP packet. For example, Ethernet with an MTU of 1500 would result in an MSS of 1460 after subtracting 20 bytes for the IPv4 header and 20 bytes for the TCP header.

The TCP protocol includes a mechanism for both ends of a connection to advertise the MSS to be used over the connection when the connection is created. Each end uses the OPTIONS field in the TCP header to advertise a proposed MSS. The MSS that is chosen is the smaller of the values provided by the two ends. If one endpoint does not provide its MSS, then 536 bytes is assumed, which is bad for performance.

The problem is that each TCP endpoint only knows the MTU of the network it is attached to. It does not know the MTU size of other networks that might be between the two endpoints. So, TCP only knows the correct MSS if both endpoints are on the same network. Therefore, TCP handles the advertising of MSS differently depending on the network configuration, if it wants to avoid sending packets that might require IP fragmentation to go over smaller MTU networks.

The value of MSS advertised by the TCP software during connection setup depends on whether the other end is a local system on the same physical network (that is, the systems have the same network number) or whether it is on a different (remote) network.

MTU and MRU

http://www.networkers-online.com/blog/2016/03/understand-mtu-and-mru-the-full-story/

==========================

 

Understand MTU and MRU – The Full Story

MTU, or maximum transmission unit, is a topic that pops up every once in a while in different discussions. Although it’s a simple concept, it causes a lot of confusion, especially for those who are new to the field. MTU typically becomes an issue of concern during network changes, like adding new vendors’ equipment or upgrading to new software. One reason for that is the difference in implementations used by different vendors, or even between different OS versions or equipment from the same vendor. Here is an example of such confusion: MTU and ping size confusion.

On the other hand, MRU, or maximum receive unit, which I was discussing today with a colleague, is not talked about as much, probably because it rarely pops up in problems or configuration requirements and it typically matches MTU by default, but doesn’t have to.

Let’s build up these concepts from scratch.

What is a data packet?

A packet is the single unit of data that is routed between a source and a destination on the network. Each packet contains information to help devices route or switch the packet to its destination, and the actual data, known as the payload.

What is MTU?

The maximum transmission unit (MTU) is the largest length of a packet that can be transmitted out of an interface toward a destination. When the word MTU is used plainly, we are typically referring to the interface MTU, but when talking about a protocol MTU (e.g. IP MTU, MPLS MTU) we are typically referring to the maximum payload of the protocol itself.

 

Whether the headers are included or not is an implementation detail that can vary from one box to another and from one OS to another, so it should always be tested, especially when operating in a multivendor environment.

 

We can’t really understand how MTU plays a part in network operations without understanding the concept of path MTU.

Path MTU is the lowest MTU of an interface on the path between the source and destination. Path MTU is a very important aspect because it has a huge impact on the overall performance of the network and end user experience.

The image below presents an analogy to clarify the path MTU concept. As you can see in the image, the height of the yellow rectangles represents the exit interface MTU of the router (don’t confuse this with bandwidth). The packet in the diagram can easily fit the MTU of the interfaces in the first segment connecting routers A and B; in the second segment, the MTU is smaller and such a big packet doesn’t fit the yellow rectangle (interface MTU) in one chunk. Therefore the path MTU is actually the MTU of the second exit interface (the smallest), because the whole path will only be able to pass packets that fit this MTU.

Path MTU Analogy

 

Default interface MTU values (source: Wikipedia):

Media | Maximum Transmission Unit (bytes) | Notes
Internet IPv4 Path MTU | At least 68, max of 64KB | Practical path MTUs are generally higher. Systems may use Path MTU Discovery to find the actual path MTU.
Internet IPv6 Path MTU | At least 1280, max of 64KB, but up to 4GB with optional jumbogram | Practical path MTUs are generally higher. Systems must use Path MTU Discovery to find the actual path MTU.
Ethernet v2 | 1500 | Nearly all IP over Ethernet implementations use the Ethernet V2 frame format.
Ethernet Jumbo Frames | 1501 – 9198 | The limit varies by vendor. For correct interoperation, the whole Ethernet network must have the same MTU. Jumbo frames are usually only seen in special-purpose networks.
PPPoE over Ethernet v2 | 1492 | = Ethernet v2 MTU (1500) – PPPoE Header (8)
PPPoE over Ethernet Jumbo Frames | 1493 – 9190 | = Ethernet Jumbo Frame MTU (1501 – 9198) – PPPoE Header (8)

What happens if a packet size is bigger than path MTU?

 

If a host sends packets that are longer than the path MTU and IPv4 is in play, these packets will be fragmented if the Don’t Fragment (DF) bit is not set. If they can’t be fragmented, they will be dropped by the device processing them, and an ICMP message with code “fragmentation needed” will be sent to the source to warn it about the problem. Fragmentation is generally a bad thing; it increases network overhead, consumes router resources and results in many unwanted side effects.

When the source receives “fragmentation needed” ICMP packets, it needs to lower its packet size to match, to avoid packets being dropped by middle routers.

If IPv6 is in play, we know that it doesn’t support fragmentation, so such large packets will be dropped and an ICMPv6 “Packet too big” message will be sent to the source to inform it that it needs to lower the packet size to avoid the drops.

 

There are some mechanisms that are used solely to avoid these problems in the first place. Two of them are PMTUD and TCP MSS adjust.

 

What is path MTU discovery (PMTUD)?

Path MTU discovery is a standardized mechanism that is used by end hosts to avoid fragmentation or packet drops. The basic idea is that the source host will assume that the path MTU is equal to its exit interface MTU and will send all packets on the path with the DF bit set. If any of the packets is bigger than the path MTU, it will be dropped by the middle routers and an ICMP message will be sent to the source to inform it that it needs to lower the packet size.

The host continues this process until it determines a suitable packet size, and keeps it running to detect any changes in the path; otherwise it will remove the DF bit and allow the packets to be fragmented.

The process is pretty similar when using IPv6, with the difference that fragmentation is not allowed in IPv6 and there is no DF bit to set.

For full details refer to the following RFCs:

  1. RFC 1191, Path MTU Discovery, J. Mogul, S. Deering (November 1990)
  2. RFC 1981, Path MTU Discovery for IP version 6, J. McCann, S. Deering, J. Mogul (August 1996)
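
The IPv4 behaviour described in this section, simulated as an added example (not code from the original article): a packet crosses a list of link MTUs and is either fragmented or, with DF set, dropped with a "fragmentation needed" report that the sender uses to lower its size. The link MTUs and all function names are constructed for illustration.

```python
IP_HEADER = 20                          # IPv4 header without options
SAMPLE_PATH = [1500, 1492, 1400, 1500]  # constructed exit-interface MTUs, hop by hop


def fragment(size, mtu):
    """Split one IPv4 packet into fragment sizes that fit `mtu`.

    Every fragment carries its own IP header, and every fragment except
    the last must carry a payload that is a multiple of 8 bytes.
    """
    chunk = (mtu - IP_HEADER) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    payload = size - IP_HEADER
    sizes = []
    while payload > 0:
        take = min(chunk, payload)
        sizes.append(take + IP_HEADER)
        payload -= take
    return sizes


def forward(path_mtus, size, df):
    """Send one packet of `size` bytes (IP header included) along the path.

    Returns ("delivered", sizes_on_arrival) or ("frag_needed", mtu); the
    latter stands in for the ICMP message, which per RFC 1191 carries the
    MTU of the link that could not take the packet.
    """
    packets = [size]
    for mtu in path_mtus:
        out = []
        for p in packets:
            if p <= mtu:
                out.append(p)
            elif df:
                return ("frag_needed", mtu)   # dropped, source is informed
            else:
                out.extend(fragment(p, mtu))  # router fragments in transit
        packets = out
    return ("delivered", packets)


def discover_path_mtu(path_mtus):
    """PMTUD: start at the exit interface MTU, send with DF set, and lower
    the packet size each time a router reports "fragmentation needed"."""
    size = path_mtus[0]
    probes = [size]
    while True:
        status, info = forward(path_mtus, size, df=True)
        if status == "delivered":
            return size, probes
        size = info
        probes.append(size)
```

Without DF the same 1500-byte packet arrives as three pieces, each with its own header, which is the overhead the article refers to.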

 

What is TCP MSS?

I wanted to touch briefly on Maximum segment size, known as TCP MSS.

TCP MSS is an option in the TCP header that is used by the two ends of the connection independently to determine the maximum segment size that can be accepted by each host on this connection. The maximum segment size is simply the maximum data payload that a TCP packet can accommodate on the connection.

This option can be manipulated by network operators using a feature known as TCP MSS adjust. The feature allows middle routers to intercept and alter this value, if configured to do so, as a technique to avoid the MTU problems mentioned above.
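
An added example (not code from either source article) covering both this passage and the "MSS in TCP" notes at the top of the page: it parses the MSS option out of a SYN's options field, applies the 536-byte default and the smaller-of-two rule, and rewrites the option the way a TCP MSS adjust feature would. The option bytes and function names are constructed; only the options field is modelled, not a full TCP segment.

```python
import struct

IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header
DEFAULT_MSS = 536     # assumed when an endpoint advertises no MSS
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2

# Constructed SYN options: MSS 1460, SACK-permitted, NOP, window scale 7, NOP, NOP
SYN_OPTIONS = bytes.fromhex("020405b4" "0402" "01" "030307" "0101")


def walk_options(options):
    """Yield (offset, kind, length) for each option in a TCP options field."""
    i = 0
    while i < len(options) and options[i] != OPT_EOL:
        if options[i] == OPT_NOP:
            length = 1
        elif i + 1 < len(options) and 2 <= options[i + 1] <= len(options) - i:
            length = options[i + 1]
        else:
            # A length of 0 or 1, or one running past the field, would
            # otherwise loop forever or read out of bounds.
            raise ValueError("malformed TCP option at offset %d" % i)
        yield i, options[i], length
        i += length


def advertised_mss(options):
    """Return the MSS advertised in a SYN's options, or None if absent."""
    for offset, kind, length in walk_options(options):
        if kind == OPT_MSS and length == 4:
            return struct.unpack_from("!H", options, offset + 2)[0]
    return None


def clamp_mss(options, egress_mtu):
    """TCP MSS adjust: lower an advertised MSS that exceeds what the egress
    MTU can carry. A real device also recomputes the TCP checksum."""
    limit = egress_mtu - IP_TCP_HEADERS
    out = bytearray(options)
    for offset, kind, length in walk_options(options):
        if kind == OPT_MSS and length == 4:
            current = struct.unpack_from("!H", out, offset + 2)[0]
            struct.pack_into("!H", out, offset + 2, min(current, limit))
    return bytes(out)


def effective_mss(opts_a, opts_b):
    """Smaller of the two advertised values; a silent endpoint counts as 536."""
    values = [advertised_mss(o) for o in (opts_a, opts_b)]
    return min(DEFAULT_MSS if v is None else v for v in values)
```

Clamping the sample SYN for a 1492-byte PPPoE link (the value from the table above) turns the advertised 1460 into 1452, so neither end ever builds a segment that needs fragmenting on that link.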

 

Lastly, MRU?

On the other hand, the maximum receive unit (MRU) is the largest packet size that an interface can receive, so it’s an ingress interface parameter. In most cases MRU equals MTU, but it’s not a requirement. You can configure different values for both MTU and MRU to achieve some benefits.

 

What if packets received are bigger than interface MRU?

 

If a device is receiving packets that are bigger in length than the interface MRU for some reason, the packets will be considered “Too big” or oversized. Usually there will be a counter incrementing on the interface, and those packets will likely be dropped by the router’s forwarding plane.

 

Packet Flow between Switches and Routers

Please go through the following link:

https://www.practicalnetworking.net/series/packet-traveling/host-to-host-through-a-router/

 

Host to Host through a Router

This article is a part of a series on Packet Traveling — everything that happens in order to get a packet from here to there.

We’ve looked at what it takes for two hosts directly connected to each other to communicate. And we’ve looked at what it takes for a host to speak to another host through a switch. Now we add another network device as we look at what it takes for traffic to pass from host to host through a Router.

This article will be the practical application of everything that was discussed when we looked at a Router as a key player in Packet Traveling. It might be worth reviewing that section before proceeding.

We will start by looking at the two major Router Functions, then see them in action as we look at Router Operation.

To discuss our way through these concepts, we will use the following image. We will focus on R1, and what is required for it to forward packets from Host A, to Host B and Host C.

Router Operation

For simplicity, the MAC addresses of each NIC will be abbreviated to just four hex digits.

Router Functions

Earlier we mentioned that a Router’s primary purpose is to facilitate communication between networks. As such, every router creates a boundary between two networks, and their main role is to forward packets from one network to the next.

Notice in the image above, we have R1 creating a boundary between the 11.11.11.x network and the 22.22.22.x network. And we have R2 creating a boundary between the 22.22.22.x and 33.33.33.x networks. Both of the routers have an interface in the 22.22.22.x network.

In order to forward packets between networks, a router must perform two functions: populate and maintain a Routing Table, and populate and maintain an ARP Table.

Populating a Routing Table

From the perspective of each Router, the Routing Table is the map of all networks in existence. The Routing Table starts empty, and is populated as the Router learns of new routes to each network.

There are multiple ways a Router can learn the routes to each network. We will discuss two of them in this section.

The simplest method is what is known as a Directly Connected route. Essentially, when a Router interface is configured with a particular IP address, the Router will know the Network to which it is directly attached.

For example, in the image above, R1’s left interface is configured with the IP address 11.11.11.1. This tells R1 the location of the 11.11.11.x network exists out its left interface. In the same way, R1 learns that the 22.22.22.x network is located on its right interface.

Of course, a Router can not be directly connected to every network. Notice in the image above, R1 is not connected to 33.33.33.x, but it is very likely it might have to one day forward a packet to that network. Therefore, there must exist another way of learning networks, beyond simply what the router is directly connected to.

That other way is known as a Static Route. A Static Route is a route which is manually configured by an administrator. It would be as if you explicitly told R1 that the 33.33.33.x network exists behind R2, and to get to it, R1 has to send packets to R2’s interface (configured with the IP address 22.22.22.2).

Router Operation - Routing Table

In the end, after R1 learned of the two Directly Connected routes, and after R1 was configured with the one Static Route, R1 would have a Routing Table that looked like this image.

The Routing Table is populated with many Routes. Each Route contains a mapping of Networks to Interfaces or Next-Hop addresses.

Every time a Router receives a packet, it will consult its Routing Table to determine how to forward the packet.

Again, the Routing Table is a map of every network that exists (from the perspective of each router). If a router receives a packet destined to a network it does not have a route for, then as far as that router is concerned, that network must not exist. Therefore, a router will discard a packet if its destination is in a network not in the Routing Table.

Finally, there is a third method for learning routes known as Dynamic Routing. This involves the routers detecting and speaking to one another automatically to inform each other of their known routes. There are various protocols that can be used for Dynamic Routing, each representing different strategies, but alas their intricacies fall outside the scope of this article series. They will undoubtedly become a subject for future articles.

That said, the Routing Table will tell the router which IP address to forward the packet to next. But as we learned earlier, packet delivery is always the job of Layer 2. And in order for the Router to create the L2 Header which will get the packet to the next L3 address, the Router must maintain an ARP Table.

Populating an ARP Table

The Address Resolution Protocol (ARP) is the bridge between Layer 3 and Layer 2. When provided with an IP address, ARP resolves the correlating MAC address. Devices employ ARP to populate an ARP Table, or sometimes called an ARP Cache, which is a mapping of IP address to MAC addresses.

A router will use its Routing Table to determine the next IP address which should receive a packet. If the Route indicates the destination exists on a directly connected network, then the “next IP address” is the Destination IP address of the packet – the final hop for that packet.

Either way, the Router will use an L2 header as the vessel to deliver the packet to the correct NIC.

Router Operation - ARP Table

Unlike the Routing Table, the ARP Table is populated ‘as needed’. This means that in the image above, R1 will not initiate an ARP Request for Host B’s MAC address until it has a packet which must be delivered to Host B.

But as we discussed before, an ARP Table is simply a mapping of IP addresses to MAC addresses. When R1’s ARP Table will be fully populated, it will look like this image.

Once again, for simplicity, the images in this article are simply using four hex digits for the MAC addresses. In reality, a MAC address is 12 hex digits long. If it’s easier, you can simply repeat the four-digit hex MAC address three times, giving R2’s left interface a “real” MAC address of bb22.bb22.bb22.

 

Router Operation

With the understanding of how a Router populates its Routing Table and how a Router intends to populate its ARP Table, we can now look at how these two tables are used practically for a Router to facilitate communication between networks.

In R1’s Routing Table above, you can see there are two types of routes: some that point to an Interface, and some that point to a Next-Hop IP address. We’ll frame our discussion of a Router’s operation around these two possibilities.

But first, we will discuss how Host A delivers the packet to its Default Gateway (R1). Then we will look at what R1 does with a packet sent from Host A to Host B, and then another packet that was sent from Host A to Host C.

 

Host A getting the Packet to R1

Router Operation - Host to First Hop

In both cases, Host A is communicating with two hosts on foreign networks. Therefore, Host A will need to get either packet to its default gateway — R1.

Host A will create the L3 header with a Source IP address of 11.11.11.77, and a Destination IP address of 22.22.22.88 (for Host B) or 33.33.33.99 (for Host C). This L3 header will serve the purpose of getting the data from ‘end to end’.

But that L3 header won’t be enough to deliver the packet to R1. Something else will have to be used.

Host A will then encapsulate the L3 header in an L2 header which will include a Source MAC address of aaaa.aaaa.aaaa and a Destination MAC address of aa11.aa11.aa11 — the MAC address which identifies R1’s NIC. This L2 header will serve the purpose of delivering the packet across the first hop.

Host A will have already been configured with its Default Gateway’s IP address, and hopefully Host A will have already communicated with foreign hosts. As such, Host A more than likely already had an ARP Table entry with R1’s MAC address. Conversely, if this was Host A’s first communication with a foreign host, forming the L2 header would have been preceded with an ARP Request to discover R1’s MAC address.

At this point, R1 will have the packet. The Destination IP address of the packet will either be 22.22.22.88 for the communication sent to Host B, or 33.33.33.99 for the communication sent to Host C. Both of those destinations exist in R1’s Routing Table — the difference is one Route points to an Interface and the other Route points to a Next-Hop IP.

Routes pointing to an Interface

A Route in a Routing Table that points to an Interface was typically learned because the Router was Directly Connected to the network. If a packet’s Destination IP address is in a network which is directly connected to the router, the Router knows it is responsible for delivering the packet to its final hop.

The process is similar to what has been discussed before. The Router uses the L3 header information to determine where to send the packet next, then creates an L2 header to get it there. In this case, the next (and final) hop this packet must take is to the NIC on Host B.

Router Operation - Local Delivery

The L3 header will remain unchanged — it is identical to the L3 header created by Host A.

What is different, is the L2 header. Notice the Source MAC address is bb11.bb11.bb11 — R1’s right interface MAC address. The old L2 header which Host A had created to get the packet to R1 was stripped off, and a new L2 header was generated (by R1) to deliver it to the next NIC.

The Destination MAC address is, of course, bbbb.bbbb.bbbb — the MAC address for Host B.

 

Routes pointing to a Next-Hop address

For the packet from Host A sent to Host C, the Destination IP address will be 33.33.33.99. When R1 consults its Routing Table, it will determine that the next-hop for the 33.33.33.x network exists at the IP address 22.22.22.2 — R2’s left interface IP address.

Effectively, this tells R1 to use an L2 header which will get the packet to R2 in order to continue forwarding this packet along its way.

Since the current “hop” is between R1 and R2, their MAC addresses will make up the Source and Destination MAC addresses:

Router Operation - Foreign Delivery

Again, the L3 header remains unchanged, it includes the same Source and Destination IP addresses initially set by Host A — these addresses represent the two “ends” of the communication. The L2 header, however, is completely regenerated at each hop.

Should R1 not have R2’s MAC address, it would simply initiate an ARP Request for the IP address in the route: 22.22.22.2. From then on, it will have no problems creating the proper L2 header which will get the packet from R1 to R2.

As the process continues, R2 will finally receive the packet, and then be faced with the same situation that R1 was in for the example above — deliver the packet to its final hop.

This process can be continued as needed. Had Host A been trying to speak to Host X which had 10 routers in the path, the process would have been identical. Each transit Router in the path would have a Route mapping Host X’s network to the next-hop IP in the path, until the final router, which would be directly connected to the network Host X resided in. That final router would be responsible for delivering the packet to its final hop — Host X itself.
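
R1's forwarding decision as described above, written out as an added example (not code from the original article). It uses the article's IP and MAC addresses; the /24 masks, the interface names "left" and "right", and the NEIGHBOURS table that stands in for ARP replies are assumptions made for the example.

```python
import ipaddress

# R1's Routing Table. The /24 masks and interface names are assumptions
# (the article writes the networks as 11.11.11.x and so on).
ROUTES = [  # (network, interface, next-hop IP)
    (ipaddress.ip_network("11.11.11.0/24"), "left", None),        # directly connected
    (ipaddress.ip_network("22.22.22.0/24"), "right", None),       # directly connected
    (ipaddress.ip_network("33.33.33.0/24"), None, "22.22.22.2"),  # static, via R2
]
INTERFACE_MAC = {"left": "aa11.aa11.aa11", "right": "bb11.bb11.bb11"}
# Stand-in for the ARP replies R1 would receive on the wire.
NEIGHBOURS = {"11.11.11.77": "aaaa.aaaa.aaaa", "22.22.22.88": "bbbb.bbbb.bbbb",
              "22.22.22.2": "bb22.bb22.bb22"}
ARP_TABLE = {}  # starts empty and is populated as needed


def lookup(dst_ip):
    """Longest-prefix match; None means R1 has no route."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [r for r in ROUTES if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def resolve(ip):
    """Return the MAC for `ip`, issuing an ARP Request only on a cache miss."""
    if ip not in ARP_TABLE:
        ARP_TABLE[ip] = NEIGHBOURS[ip]
    return ARP_TABLE[ip]


def forward(frame):
    """Return the frame R1 sends out, or None if the packet is discarded."""
    packet = frame["l3"]
    route = lookup(packet["dst"])
    if route is None:
        return None                         # network not in the Routing Table
    _, interface, next_hop = route
    target = next_hop or packet["dst"]      # next router, or the final hop
    if interface is None:                   # static route: find its interface
        interface = lookup(next_hop)[1]
    l2 = {"src": INTERFACE_MAC[interface], "dst": resolve(target)}
    return {"l2": l2, "l3": packet}         # L3 header passes through unchanged


def from_host_a(dst_ip):
    """The frame Host A hands to its default gateway, R1."""
    return {"l2": {"src": "aaaa.aaaa.aaaa", "dst": "aa11.aa11.aa11"},
            "l3": {"src": "11.11.11.77", "dst": dst_ip}}
```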

How Ping Works?

Summary:
++++++++++
At this point, you should have a fairly complete understanding of the cycle of processing associated with ping.
Let me recapitulate the essential elements:
• As the ping program initializes, it opens a raw ICMP socket so that it can employ IP directly, circumventing TCP and UDP.
• Ping formats an ICMP type 8 message, an Echo Request, and sends it (using the “sendto” function) to the designated target address. The system provides the IP header and the data link layer envelope.
• As ICMP messages are received, ping has the opportunity to examine each packet to pick out those items that are of interest.
• The usual behavior is to siphon off ICMP type 0 messages, Echo Replies, which have an identification field value that matches the program PID.
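
The message handling summarized above, as an added example (not code from the original text): it formats the ICMP type 8 message with its checksum and filters received packets down to type 0 replies carrying the program's identifier. It works on bytes only, so it runs without a raw socket; the reply is a constructed sample, and the PID is masked to 16 bits because that is the width of the identification field.

```python
import os
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0


def ping_identifier():
    """The PID, truncated to the 16-bit ICMP identification field."""
    return os.getpid() & 0xFFFF


def checksum(data):
    """Internet checksum: one's-complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident, seq, payload):
    """ICMP header layout: type, code, checksum, identifier, sequence."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def match_reply(ip_packet, ident):
    """Examine one packet as read from a raw ICMP socket (IPv4 header
    included). Return its sequence number if it is an intact Echo Reply
    for `ident`, otherwise None."""
    header_len = (ip_packet[0] & 0x0F) * 4
    icmp = ip_packet[header_len:]
    if len(icmp) < 8 or checksum(icmp) != 0:
        return None                       # truncated or corrupted message
    msg_type, _code, _csum, reply_id, seq = struct.unpack("!BBHHH", icmp[:8])
    if msg_type != ICMP_ECHO_REPLY or reply_id != ident:
        return None                       # other ICMP traffic, or another ping
    return seq


def constructed_reply(request):
    """Constructed sample: the Echo Reply a target would return for
    `request`, behind a minimal 20-byte IPv4 header (IHL 5, protocol 1)."""
    body = bytes([ICMP_ECHO_REPLY, 0, 0, 0]) + request[4:]
    icmp = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    ip_header = bytes([0x45]) + bytes(8) + bytes([1]) + bytes(10)
    return ip_header + icmp
```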