GTP and ip tcp adjust-mss

Unanswered Question
Feb 23rd, 2009

The question I have is fairly straight-forward, but the answer may not be. If I place a layer 3 device on Gn between an SGSN and a GGSN, is it possible to adjust MSS in TCP SYN packets? The packets are encapsulated by GTP so it will need to l ook down to the TCP header below the GTP header. If it is, what devices can perform this operation?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Giuseppe Larosa Mon, 02/23/2009 - 06:31

Hello Patrick,

from the point of view of the device that performs GTP encapsulation nothing changes:

it needs to take the packet and to insert it in the GTP header.

It is in this step that if the original packet is too big it would require fragmentation.

After the GTP packet is sent out it travels in an IP network, eventually some device may want to fragment it further if it bigger then its outgoing MTU.

A GTP packet being an IP packet can be routed in normal way.

I had been working for a mobile operator and the SGSNs and the GGSNs were connected via the MPLS backbone without problems.

At the end we were thinking to put them inside MPLS VRFs for additional security and this is done too.

Hope to help


patrickvanham Mon, 02/23/2009 - 06:53

Guiseppe, thank you for the reply. The problem is that the packet doesn't lose it's GTP encapsulation until it reaches the GGSN Gi interface. But between the SGSN and GGSN there is transport network with MPLS of which a small part the MPLS encapsulated packets cannot exceed 1500 bytes. There's a lot of overhead: MPLS+labels+GTP header. This makes it necessary to make sure MTU cannot be the normal 1500, but a rather smaller figure. In general TCP packets are the larger ones, and it's not possible to control mobile equipment, nor equipment on the net. So adjusting MSS seems the only way. But if the SGSN is not directly connected but uses an MPLS transit network, part of which the MPLS packet is restricted to 1500 bytes. There may be an option with a GTP-aware firewall to do this, but I'd like to know whether there is any other way.

Giuseppe Larosa Mon, 02/23/2009 - 08:27

Hello Patrick,

that customer used netscreen (juniper) GTP aware firewalls able to inspect GTP traffic but I don't know it this is possible.

What you can do is to use

ip tcp mss on SGSN or equivalent :

because the GTP encapsulation is created by the SGSN it that the place to perform this MTU tuning.

you need to make a step back and to avoid to send out GTP packets of full size.

also an ip mtu 1500 - label stack size could work.

You need to put it on both sides

Probably if there is a distinct PE node (different from SGSN) you can place

ip mtu 1500-label_stack_size

on the access link towards the SGSN

also ip tcp mss can be used as

ip tcp mss 1500 -label_Stack_size -40

last are for ipv4 and tcp headers

probably in this scenario ip tcp mss-adjust cannot work correctly

Hope to help


patrickvanham Tue, 02/24/2009 - 02:12

Thank you again. Sadly, I cannot perform this operaion on the SGSN, since some that are affected belong to different providers. So I was hoping it was possible to alter the tcp mss while the packet was encapsulated by GTP.

It seems to be very difficult if at all possible to do this.


This Discussion