Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex Virtual Private Cloud
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Cloud network
      • Creating a cloud network
      • Deleting a cloud network
      • Updating a cloud network
    • Subnet
      • Creating a subnet
      • Deleting a subnet
      • Updating a subnet
    • IP address
      • Reserving a static public IP address
      • Making a dynamic public IP address static
      • Making a static public IP address dynamic
      • Deleting a static public IP address
    • Static routes
      • Creating a static route
      • Enabling NAT to the internet
    • Security groups
      • Create a security group
      • Update a security group and rules
      • Delete a security group
    • DDoS Protection
      • Enable protection from DDoS attacks
  • Use cases
    • Architecture and protection of a basic internet service
  • Concepts
    • Relationship between service resources
    • Cloud networks and subnets
    • Cloud resource addresses
    • Static routes
    • Security groups
    • MTU and MSS
    • DHCP settings
    • Quotas and limits
  • DDoS Protection
  • Cloud Interconnect
  • Access management
  • Pricing policy
    • Current policy
    • Archive
      • Policy before January 1, 2019
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • AddressService
      • NetworkService
      • RouteTableService
      • SecurityGroupService
      • SubnetService
      • OperationService
    • REST
      • Overview
      • Address
        • Overview
        • create
        • delete
        • get
        • getByValue
        • list
        • listOperations
        • update
      • Network
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • listSubnets
        • move
        • update
      • RouteTable
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • move
        • update
      • SecurityGroup
        • Overview
      • Subnet
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • move
        • update
      • Operation
        • Overview
        • get
  • Questions and answers
  1. Concepts
  2. MTU and MSS

MTU and TCP MSS

    The maximum transmission unit (MTU) is the maximum size of a data packet, in bytes, that can be communicated over a network segment.

    The standard MTU is 1500 bytes, but MTUs may vary in different networks that packets are transmitted through. For example, when DDoS Protection or VPN tunnels are used, the MTU value should be lower to make sure that packets are not lost. Packet loss due to MTU problems may look like an unresponsive TCP session, for example, during the TLS Handshake or SSH access.

    There are several ways to impact the size of transmitted packets:

    1. Set the MTU through your VM interface: this will affect all types of transmitted packets.
    2. Set the TCP MSS (maximum segment size). The TCP MSS can only be set for certain packets, for example, those passed via the default route.

    If DDoS Protection is enabled, we recommend setting the MTU to 1450 (if you need to limit the size of all packets), and the TCP MSS to 1410 (if you need to limit the size of TCP packets only).

    If you use VPN tunnels, reduce the MTU and TCP MSS values to the size of the tunnel headers and TCP headers that are used.

    Language
    Careers
    Privacy policy
    Terms of use
    © 2021 Yandex.Cloud LLC