GRE Tunnels and TCP MSS 1436

While looking at the design guide for Akamai’s GRE Technical Guide, you’ll notice that the TCP MSS in their example is 1436. This was brought up on the call where Akamai said a client had issues in the past because this was not set properly. If you’re like me, you ask yourself right away, why does the TCP MSS need to be changed to 1436? Why would leaving this config out cause issues?

It’s actually quite simple, we are talking about the Ethernet protocol where a 1500 byte packet is the largest allowed. The moment you introduce GRE Tunneling, you’re adding 24 bytes! So you go from 1500 bytes to 1524 bytes. When you do this, packet fragmentation becomes an issue and you’ll notice it right away.

Below is the math. Changing your TCP MSS on a network device like Cisco, brings you back to 1500 bytes.


Cisco Config:

interface FastEthernet0/1 
 ip tcp adjust-mss 1436