Thread Info
  • Replies 0 replies
  • Subscribers 28 subscribers
  • Views 12742 views
  • Users 0 members are here
Options
Suggested

Sophos Firewall: MTU and MSS

emmosophos

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview

While dealing with MTU and MSS values of any normal interface type, such as Static and DHCP, the MTU default would be 1500, and the MSS value would be 1500-40=1460. 

This is different in PPPOE case; we would need an additional 8-byte PPPoE, i.e. PPP-Max-Payload field, which needs an additional 8 bytes and truncates the Ethernet MTU to 1492, and the value for MSS is 1452. 

Difference between Ethernet MTU and IP MTU. 

Ethernet MTU.

The main difference is that interface MTU defines the maximum packet size supported by an interface, while IP MTU sets the MTU size of IP PACKET. Each interface has a default maximum packet size or MTU size. This number generally defaults to the largest size possible for that interface type.

IP MTU A.K.A MRU.

To set the maximum transmission unit (MTU) size of IP packets sent on an interface. The minimum is 128 bytes; the maximum depends on the interface medium.

 Changing the MTU value (with the MTU interface configuration command) can affect the IP MTU value. If the current IP MTU value is the same as the MTU value, and you change the MTU value, the IP MTU value will be modified automatically to match the new MTU. However, the reverse isn’t true; changing the IP MTU value does not affect the value of the MTU command.

"The Maximum-Receive-Unit (MRU) option MUST NOT be negotiated to a larger size than 1492. Since Ethernet has a maximum payload size of 1500 octets, the PPPoE header is six octets, and the PPP Protocol ID is two octets, the PPP MTU MUST NOT be greater than 1492." -> Taken from RFC 2516

Calculation

1. Interface MTU - default MTU size for an interface:

For PPPOE connection Ethernet MTU  = IP MTU + 8. 8 bytes for overhead

For Normal Connection Ethernet MTU  = IP MTU.

Mss value = IP MTU - 40.

So the difference between ethernet MTU and MSS value is 48, not 40. 



Horizontal Line, Gramma, Table of Contents
[edited by: emmosophos at 6:53 PM (GMT -8) on 16 Nov 2023]
Unfiltered HTML