Mikrotik PPPoE users MTU issue.!

By | March 9, 2022

As I have experienced ,Most of the PPPoE users faces the problem to open up some
specificwebsites when they are dialing as a pppoe subscriber .

Let me show you to find the problems easily and also you just have to play with the
TCP Mss in your mikroitk NAS or Mikrotik Router .

Different interfaces has different types of MTU such as Gre,Ethernet,PPPoE interfaces etc ..!

The maximum payload allowed on an Ethernet frame is 1500 bytes. For a PPPoE interface, the PPPoE header uses 6 bytes and the PPP protocol ID uses 2 bytes. This restricts the maximum receive unit (MRU) size on a PPPoE interface to 1492 bytes, which can cause frequent fragmentation and reassembly of larger PPP packets received over the PPPoE interface.

Layer 2 Frame Structure.

MTU Header Sizes

As you can see in above picture, that a single Ethernet frame can carry up to 1500 bytes of data. On top of this data we add the Ethernet header. Typical header sizes are 14 bytes for Ethernet (add another 4 bytes if you use 802.1Q Trunking.

A typical Ethernet header is 14 bytes if we are not using 802.1Q tag ,The IP header is 20 bytes and TCP header is also 20 bytes. The maximum amount of payload that TCP can use which we called as TCP MSS (Maximum Segment Size). 

This MSS value is the largest amount of data that a host can receive in a single TCP segment. This value is used to set a limit on the payload in order to prevent fragmentation and is sent in the SYN packet during the 3 way handshake.

Note:-The MSS value isn’t synchronized between hosts, it can be different for each direction.

If we have an IP packet that is sent on our LAN to WAN and The size of the Ethernet frame will be .

1460 bytes of payload for TCP.
20 bytes for the TCP header.
20 bytes for the IP header.
14 bytes for the Ethernet header.

1460 (PAYLOAD) + 20 (TCP) + 20 (IP) = 1500 bytes + 14 (ETHERNET) = 1514 bytes in total.

There will be no problem if we send 1514 Bytes of frame but what if we have another encapsulation such as PPPoE,GRE etc , which will add another few bytes of data over the ethernet mtu , In that case the interface cant deal with it so we need fragmentation .

Now Lets talk about the TCp MSS,MSS Stands for Maximum Segment Size.

More specifically, MSS is the largest TCP (Transport Control Protocol) segment size that a network-connected device can receive. MSS defines “segment” as only the length of the payload, not any attached headers. MSS is measured in bytes. MTU measures the total weight of the packet in bytes.

The MSS is equal to MTU minus the size of a TCP header and an IP header:

MTU – (TCP header + IP header) = MSS

One of the key differences between MTU and MSS is that if a packet exceeds a device’s MTU, it is broken up into smaller pieces, or “fragmented.” In contrast, if a packet exceeds the MSS, it is dropped and not delivered.

How TCP MSS Decides between Sender and Reciver ?

TCP works by opening a connection between the two devices that are communicating via a process called a TCP handshake. The MSS is agreed on during the TCP handshake: both devices communicate the size of the packets they are able to receive.

TCP MSS example ..!

Lets say a router has an MTU of 1,500, meaning it only accepts packets up to 1,500 bytes long.So longer then 1500 bytes packets will be fragmented.in that case, What should be the MSS for the router be set ?.

MTU – (TCP header + IP header) = MSS

1500 – (20 + 20) = 1460

The router’s MSS should be set to 1,460 bytes. Packets with a payload size larger than 1,460 bytes will be dropped.

What if we have PPPoE interface and which will add another 8 Byte to the frame , in
that the MSS must as given below .

1500 – (20(IP) + 20(TCP) + 8(PPPoE) = 1452.

TCP Fragmentation Configuration in Mikrotik ..!

/ip firewall mangle
add action=change-mss chain=forward comment=\
“Change all MSS to 1452 only if bigger than 1452” new-mss=1452 passthrough=yes \
protocol=tcp tcp-flags=syn tcp-mss=1453-65535

Leave a Reply

Your email address will not be published.