IP fragmentation is something that should be avoided if possible because it is costly in terms of router and end node processing . In the worst case scenario, the device that is fragmenting and reassembling will become CPU bound and other traffic flows will suffer, performance will diminish and service can be denied.

There are numerous schemes that have been developed to minimize, if not eliminate, IP fragmentation by coercing the various entities on a circuit to agree on a logical transmission unit that will fit into one physical MTU (maximum transmission unit). The method referred to in this solution is the TCP adjust-mss parameter available on many Cisco routers. This is likely to be the most useful way to coerce the network partners to stay within a defined physical MTU. What is being done with this option is to force the TCP Maximum Segment Size (MSS) field, which is effectively the data payload, to fit within the MTU.

The negotiation of MSS is done between the client and server and each side can have a different value.

The negotiation is based on two factors:   1) Receive Buffer size and 2) Maximum Transmission Unit. The lesser value between these two factors is chosen. In default configurations this negotiation does not take into account any intermediate devices that might be adding bytes to create tunnels and such along the way between the client and server.  This calculation also does not take into account any additional bytes in the IP options fields or the TCP options fields (e.g. ADN).  If the Maximum Transmission Unit of Ethernet (1500) is left at its default and it turns out to be the least common denominator along the path, then this allows TCP to negotiate a message size of 1500 –  20 bytes  or 1480 bytes. This simple calculation is the result of removing a standard IP header size (20 bytes) from the maximum Ethernet payload of 1500 bytes.

The use of WCCP with GRE guarantees some ip fragmentation will occur in default Ethernet configurations. This is because GRE adds 24 bytes to a standard Ethernet frame and WCCP adds an additional  4 bytes.  So, if the MSS is negotiated to 1480 and IP adds it’s 20 bytes , then the additional 28 bytes added by GRE and WCCP force IP to fragment the resultant 1528 byte  frame.

The use of the TCP Adjust-MSS command on the Cisco router will modify the maximum segment size field (MSS) for TCP SYN packets traveling through an interface. It is applied at the interface level.  The router compares the MSS value of incoming or outgoing packets against the adjusted MSS setting and replaces with the adjusted value when the presented value is larger. The receiving side will adjust  its TCP send buffer  to the lower value and at the same time to a value that has been manipulated to keep it’s TCP frames within path MTU.  

A caveat to this technique is that it only works for TCP traffic. As a general rule, also, it is best to place the command on the interface(s) that are closest to the SYN packets.

What is the best number to use?

Here is a conservative calculation for Ethernet:

MTU                                      1500

IP Header                               -20

TCP Header                           -20

GRE/WCCP                           - 28

TCP OPTIONS                       - 12

ip  tcp adjust-mss       =   1420