Intermittent strange behavior - packet size (MSS)

MikroTik only. The configuration should be performed by an experienced user.

Symptoms

  • some web pages won't download
  • the issue happens on some devices only (e.g. a laptop works fine, a smartphone does not)
  • some SOCIFI features will not work (e.g. a page keeps rotating or is not displayed)

What all of these have in common is that they are intermittent, and not every user will complain. We have found that the cause is often the size of packets: your device may not allow bigger packets and discards them. We recommend trying the workaround below and, if it does not help, reverting the setting.

Workaround

Try limiting the size of outgoing packets using the configuration below. With this setting, any packet bigger than 1400 bytes will be split into several packets.


Mikrotik administration:

Run these commands in a new terminal window:

/ip firewall mangle
add action=change-mss chain=forward new-mss=1400 protocol=tcp tcp-flags=syn tcp-mss=!0-1400
add action=change-mss chain=output new-mss=1400 protocol=tcp tcp-flags=syn tcp-mss=!0-1400

Note: You can also do this in the GUI (IP > Firewall > Mangle), but we consider the command line the faster and safer approach and have not tried it with the GUI.

 

WARNING

Please note that any manipulation of packets can, and likely will, significantly increase CPU usage! Use this as a temporary solution only and resolve the real cause: packets that are too big. This can be caused by using VPN, PPTP connections and others.


About MSS  (Maximum Segment Size)

It is a well-known fact that VPN links have a smaller packet size due to encapsulation overhead. A large packet with an MSS that exceeds the MSS of the VPN link should be fragmented before it is sent over that kind of connection.
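
A Python model of what the two change-mss rules above do to a TCP header, as an added example (not SOCIFI's or MikroTik's code): the MSS option is rewritten only on segments with SYN set that announce more than 1400. The function names and the sample header are constructed for illustration.

```python
import struct

SYN = 0x02
NEW_MSS = 1400  # new-mss value from the mangle rules

def mss_offset(tcp: bytes):
    """Offset of the 2-byte MSS value inside a TCP header, or None."""
    if len(tcp) < 20 or (tcp[12] >> 4) * 4 > len(tcp):
        return None                    # truncated header
    end = (tcp[12] >> 4) * 4           # data offset = header length in bytes
    i = 20                             # options start after the fixed header
    while i < end:
        kind = tcp[i]
        if kind == 0:                  # end of option list
            return None
        if kind == 1:                  # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            return None                # malformed option, leave packet alone
        if kind == 2 and tcp[i + 1] == 4:
            return i + 2               # MSS option: kind=2, len=4, value
        i += tcp[i + 1]
    return None

def announced_mss(tcp: bytes):
    off = mss_offset(tcp)
    return None if off is None else struct.unpack_from("!H", tcp, off)[0]

def clamp_mss(tcp: bytes, new_mss: int = NEW_MSS) -> bytes:
    """Model of tcp-flags=syn tcp-mss=!0-1400 action=change-mss.
    The checksum update a router also performs is omitted here."""
    off = mss_offset(tcp)
    if off is None or not tcp[13] & SYN or announced_mss(tcp) <= new_mss:
        return tcp                     # rule does not match, packet untouched
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, new_mss)
    return bytes(out)

def build_tcp(flags: int, mss: int) -> bytes:
    """Constructed sample: 24-byte TCP header carrying one MSS option."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, flags, 65535, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    print([announced_mss(clamp_mss(build_tcp(SYN, m))) for m in (1460, 1400, 1360)])
```

Segments without SYN pass through unchanged, so the rules influence the segment size both ends agree on during the handshake rather than touching later data packets.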