Networks Training

You are here: Home / General Networking / Comparison of Interface MTU vs IP MTU vs MSS in Computer IP Networks

Comparison of Interface MTU vs IP MTU vs MSS in Computer IP Networks

Edited By

Packet-based communication networks that operate using protocols like IP follow layered models such as the OSI and TCP/IP frameworks. These models involve the encapsulation and decapsulation of protocol data units (PDUs) through the addition and removal of headers at each layer.

Two key parameters involved in this encapsulation process are the Maximum Transmission Unit (MTU) and the Maximum Segment Size (MSS).

While distinct, these closely related concepts are essential for ensuring efficient data transmission and understanding them is essential to effectively diagnose and resolve related network issues.

In this article, we’ll clearly define MTU and MSS, explore how they are applied in data networks, and examine some of the most important scenarios in which these parameters come into play.

What is the MTU?

The MTU (Maximum Transmission Unit) is a parameter that defines the largest size of data units that can be transmitted across a network without requiring fragmentation.

The term MTU can refer to two distinct but related values: one at Layer 2 (Data Link) and another at Layer 3 (Network). These are commonly known as the “Interface MTU” and the “IP MTU”, respectively.

Interface MTU

The Interface MTU refers to the maximum size of a frame that can be transmitted over a Layer 2 interface, such as an Ethernet link, without being dropped or fragmented.

In practical terms, it defines the largest payload (excluding the Layer 2 header and trailer) that an interface can transmit. For standard Ethernet, this value is typically 1500 bytes.

Jumbo frames, which can carry more than 1500 bytes of payload (commonly up to 9000 bytes), are sometimes used in data centers or specialized environments to improve efficiency.

Jumbo frames can be transmitted throughout an infrastructure that has the interface MTU configured at a value of 9000 throughout the entire path.

IP MTU

The IP MTU is the maximum size of an IP packet (including IP headers) that can be transmitted over a given path without fragmentation at the IP layer.

While the IP MTU is usually constrained by the interface MTU, additional encapsulations (such as tunneling or VPNs) may effectively reduce the usable IP MTU.

For example, when a GRE or IPsec tunnel is added, additional headers are inserted between the Ethernet header and the original IP header, reducing the available space for the IP payload.

In such cases, if the IP MTU is not properly adjusted or discovered dynamically, larger packets may be fragmented, or worse, dropped, leading to degraded performance or connectivity issues.

Relationship between IP and Interface MTUs

Even though these values operate at distinct layers, if left at their default values, the IP MTU and the interface MTU are actually the same size. The following diagram shows this:

Be aware however that they are defined differently. The interface MTU sets the maximum “container size” or size of the Ethernet payload that is allowed through an interface, while the IP MTU sets the maximum size of the IP packet that can be acomodated, including the header.

MORE READING:  Comparison of BGP Confederations vs Route Reflectors

This difference can be further clarified if we introduce the use of a tunneling protocol, such as GRE. The following diagram shows the difference between the two more clearly:

Here you can see that the outer IP header and the GRE header are not included in the IP MTU, while they are included in the interface MTU.

In this particular scenario, if the Interface MTU is set to 1500 bytes, the IP MTU must be set to 1500 – 20 – 12 = 1468 bytes, which is the typical IP MTU size that should be used when a GRE tunnel is being employed.

If other tunneling protocols are being used with different overhead sizes, the IP MTU must be adjusted accordingly.

MTU and Fragmentation

During encapsulation, if a packet exceeds the IP MTU and the Don’t Fragment (DF) bit is not set, the IP layer will fragment the packet into two or more IP packets to be sent using multiple frames.

However, if the DF bit is set (which is often the case with modern TCP/IP stacks), and the packet exceeds the MTU, it will be dropped, and an ICMP “Fragmentation Needed” message is expected to be sent back to the sender.

This functionality is part of Path MTU Discovery (PMTUD) mechanism which is able to discover the minimum MTU along the path in order to generate IP packets that will not exceed that minimum value, resulting in the elimination of fragmentation, and the increase in network efficiency.

However, in networks where ICMP messages are filtered or blocked, PMTUD may fail, leading to what is known as a black hole, where traffic “mysteriously” disappears because it’s silently dropped due to MTU mismatches.

What is the MSS?

The Maximum Segment Size or MSS is the largest size of the payload of a TCP segment in bytes that a device is willing to receive in a single segment.

The MSS is a value that is negotiated during the TCP three-way handshake at the beginning of a TCP session and remains constant for the duration of that session. The following diagram shows the MSS and how it relates to the IP and Interface MTUs.

mss

Default MSS values are typically the MTU – 40 bytes where 40 bytes is the sum of the sizes of the IP and TCP headers.

MSS is an important parameter because it helps avoid the fragmentation of TCP segments, making TCP transmission more efficient.

For completeness, take a look at this diagram as well, which incorporates all three parameters in a scenario where tunneling headers are used:

mss in tunneling

Comparison of IP MTU, Interface MTU, and MSS

The following table clearly outlines the differences and relationships between Interface MTU, IP MTU, and MSS:

Parameter

Layer

Definition

Includes

Excludes

Typical Value (Ethernet)

Negotiated or Fixed
Interface MTU Layer 2 (Data Link) Max size of Ethernet payload that can be transmitted over an interface IP header, TCP/UDP header, Payload Ethernet header, FCS 1500 bytes Fixed (configured on interface)
IP MTU Layer 3 (Network) Max size of an IP packet that can be sent without fragmentation IP header and payload Ethernet header, TCP/UDP header 1500 bytes (same as Interface MTU unless tunneling is used) Fixed or dynamically discovered using PMTUD
MSS Layer 4 (Transport) Max amount of TCP data (payload) that a device can receive in a single segment TCP payload only IP and TCP headers 1460 bytes (1500 – 20 IP – 20 TCP) Negotiated during TCP handshake
MORE READING:  Comparison of IP Layer 3 Packet vs Layer 2 Frame in Networking

Implementation on Cisco Devices

All three of these parameters can be either directly or indirection configured on Cisco IOS devices.

Configuring Interface MTU

On Cisco devices, the Interface MTU is configured directly on the network interfaces. The exact method depends on the platform and IOS version in use:

  • On older or lower-end devices, the MTU is set globally using the system mtu command, which applies the same MTU value to all interfaces like so:

Switch(config)# system mtu 1500

  • On newer or higher-end devices, the MTU is typically configured on a per-interface basis using the mtu command:

Router(config)# interface GigabitEthernet0/1

Router(config-if)# mtu 1500

The valid MTU range varies depending on the platform and IOS version. Many devices support MTU values up to 9000 bytes or more to accommodate jumbo frames, especially in data center environments.

Configuring IP MTU

The IP MTU is configured specifically on Layer 3 interfaces using the ip mtu command. This sets the maximum size of the IP packet (including headers) that can be transmitted on that interface without fragmentation:

Router(config)# interface GigabitEthernet0/1

Router(config-if)# ip mtu 1500

This is particularly useful in scenarios involving tunneling or VPNs, where additional encapsulation headers reduce the effective MTU for IP traffic.

Influencing MSS

The MSS cannot be directly configured as a fixed value on a router or switch because it is negotiated dynamically between end devices during the TCP three-way handshake.

However, Cisco devices can modify or influence the MSS value during transit using the ip tcp adjust-mss command. This is commonly used on interfaces connected to VPNs or tunnels to prevent fragmentation by reducing the MSS value seen by endpoints:

Router(config)# interface GigabitEthernet0/1

Router(config-if)# ip tcp adjust-mss 1360

In the example above, any TCP SYN packets passing through the interface will have their MSS option modified to 1360 bytes.

As a result, the receiving endpoint believes that the sender is requesting an MSS of 1360. When the receiver replies with its own SYN-ACK, it includes this adjusted MSS value, effectively confirming it.

The original sender interprets this as the receiver requesting a smaller MSS and proceeds to use that value for the session.

This mechanism ensures that the TCP segment sizes stay within the limits of the adjusted MTU, which is especially important in scenarios where tunneling or VPN overhead reduces the available payload size.

Conclusion

Any self-respecting and competent network engineer should have a solid understanding of these concepts in order to design networks more effectively and to troubleshoot issues related to MTU and MSS. Grasping how these parameters function and interact is a significant part of every network engineer’s professional development.

Spread the love

Related Posts

Filed Under: General Networking

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

By subscribing to our email list you will be receiving technical tutorials and industry news from time-to-time. You can unsubscribe at any time.

About Lazaros Agapidis

Lazaros Agapidis is a Telecommunications and Networking Specialist with over twenty years of experience.
He works primarily with IP networks, VoIP, Wi-Fi, and 5G, has extensive experience in training professionals for Cisco certifications, and his expertise extends into telecommunications services and infrastructure from both an enterprise and a service provider perspective.
In addition to his numerous vendor certifications, Lazaros has a solid online presence as an expert in his field, having worked in both public and private sectors within North America and in Europe.
He has enjoyed sharing his practical experiences in writing as well as through engaging online training.
LinkedIn: Lazaros Agapides

Comments

  1. MangoJuice2 says

    This by far is the absolute best material which explains differences between different MTUs and MSS. Thank you for your work!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

BLOGROLL

Tech21Century
Firewall.cx