Configuring TCP path MTU discovery
NOTE: | All the devices on the TCP path must be enabled to send ICMP error messages by using the ip unreachables enable command. |
TCP path MTU discovery (in RFC 1191) discovers the path MTU between the source and destination ends of a TCP connection. It works as follows:
A TCP source device sends a packet with the Don't Fragment (DF) bit set.
A router that fails to forward the packet because it exceeds the MTU on the outgoing interface discards the packet and returns an ICMP error message, which contains the MTU of the outgoing interface.
Upon receiving the ICMP message, the TCP source device calculates the current path MTU of the TCP connection.
The TCP source device sends subsequent TCP segments that each are smaller than the MSS (MSS =path MTU–IP header length–TCP header length).
If the TCP source device still receives ICMP error messages when the MSS is smaller than 32 bytes, the TCP source device will fragment packets.
An ICMP error message received from a router that does not support RFC 1191 has the MTU of the outgoing interface set to 0. Upon receiving the ICMP message, the TCP source device selects the path MTU smaller than the current path MTU from the MTU table as described in RFC 1191 to calculate the TCP MSS. The MTU table contains MTUs of 68, 296, 508, 1006, 1280, 1492, 2002, 4352, 8166, 17914, 32000, and 65535 bytes. Because the minimum TCP MSS specified by the system is 32 bytes, the actual minimum MTU is 72 bytes.
After you enable TCP path MTU discovery, all new TCP connections will detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation.
The path MTU uses an aging mechanism to make sure that the source device can increase the path MTU when the minimum link MTU on the path increases.
When the TCP source device receives an ICMP error message, it reduces the path MTU and starts an age timer for the path MTU.
After the age timer expires, the source device uses a larger MSS in the MTU table as described in RFC 1191.
If no ICMP error message is received within two minutes, the source device increases the MSS again until the MSS is as large as the MSS negotiated during TCP three-way handshake.
To enable TCP path MTU discovery:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable TCP path MTU discovery. | tcp path-mtu-discovery [ aging minutes | no-aging ] | Optional. Disabled by default. |