MTU and TCP MSS
The maximum transmission unit (MTU) is the maximum size of a data packet, in bytes, that can be communicated over a network segment.
Generally, MTU is 1500 bytes; however, MTUs may vary in different networks the packets are transmitted through. For example, when using Yandex DDoS Protection or VPN tunnels, the MTU value should be lower to avoid losing packets. Packet loss due to MTU issues may look like an unresponsive TCP session, such as during a TLS handshake or SSH access.
There are two ways to impact the size of transmitted packets:
- Set the MTU through your VM interface: this will affect all types of transmitted packets.
- Set the TCP MSS. The TCP MSS can only be set for certain packets, for example, those transmitted through the default route.
Alert
When you enable DDoS Protection, you should set the MTU to 1450 bytes if you need to limit the size of all packets, and the TCP MSS to 1410 if you only need to limit the size of TCP packets.
You can learn how to configure the MTU for various platforms in Yandex Cloud here.
If you use VPN tunnels, reduce the MTU and TCP MSS values to the size of the tunnel headers and TCP headers, respectively.